Failed to launch Symantec Diagnostic Tool
search cancel

Failed to launch Symantec Diagnostic Tool

book

Article ID: 224643

calendar_today

Updated On:

Products

Advanced Endpoint Defense (with SEP) Endpoint Protection Endpoint Security Endpoint Security Complete Data Loss Prevention

Issue/Introduction

When you run the Symantec Diagnostic Tool v2.1.300 or higher on Windows, it errors with the message "Failed to launch Symantec Diagnostic Tool".

Cause

The Symantec Diagnostic Tool v2.1.300 or higher requires the DigiCert Trusted Root G4 certificate to be installed as a Trusted Root Certificate. Windows will automatically download and install the certificate since it is part of the July 2020 Microsoft Trusted Root program.  However this will not happen if your system is unable to communicate with the Windows Server Update Services, the policy "Turn off Automatic Root Certificate Updates" is enabled, or your OS does not support SHA2 only code signing certificates.

Resolution

Install the DigiCert Trusted Root G4 certificate using the following steps:

  1. Download the the certificate from https://cacerts.digicert.com/DigiCertTrustedRootG4.crt
  2. Double Click on the file and click on the Open button
  3. Click on the "Install Certificate" button
  4. Set the Store Location to Local Machine
  5. Click the Next button
  6. Select "Place all certificates in the following store".  
  7. Click on the Browse button and select the entry: Trusted Root Certification Authorities
  8. Click on the Next and then the Finish button

See the Microsoft article 2019 SHA-2 Code Signing Support requirement for Windows and WSUS to ensure that your Windows OS supports SHA-2.

If the same error appears, you can verify that the DigiCert Trusted Root G4 is installed by using this command from PowerShell:

Get-ChildItem -Path Cert:\LocalMachine\Root | Where-Object {$_.Thumbprint -eq "ddfb16cd4931c973a2037d3fc83a4d7d775d05e4"}

If the certificate is not installed, no information will be returned.  If the certificate is installed, you will see the following:

   PSParentPath: Microsoft.PowerShell.Security\Certificate::LocalMachine\Root

Thumbprint                                Subject
----------                                -------
DDFB16CD4931C973A2037D3FC83A4D7D775D05E4  CN=DigiCert Trusted Root G4, OU=www.digicert.com, O=DigiCert Inc, C=US

Additional Information

Users with older operating systems that do not receive updates from Microsoft anymore may encounter this issue also.  Please utilize the instructions above to install the certificate.  You also need to validate the Verisign Universal Root Cert is installed and they are all valid.