You have problems installing Symantec AntiVirus Corporate Edition or Symantec Endpoint Protection, or you have installed the product, but it is not functioning properly. You need a list of files, folders, and registry keys in order to check rights and permissions.
The installation of Symantec AntiVirus or Symantec Endpoint Protection on any Windows NT/2000/XP/2003 computer requires Local Administrator rights to the computer. If you install from another computer by using NT Client Install or Client Remote, you must be a Domain Administrator, and on each computer, the Domain Administrator must also be a member of the Administrators group. Membership in other groups may cause restrictions on the Domain Administrator account's local rights. Verify that no restrictions on the Local Administrator or Domain Administrator accounts have been made.
Checking permissions within the registry
WARNING: We strongly recommend that you back up the system registry before making any changes. Incorrect changes to the registry could result in permanent data loss or corrupted files. Modify only the keys specified. See the document How to back up the Windows registry before proceeding.
Note: When verifying permissions in Windows NT, verify that the Creator/Owner account has full rights to the registry keys listed. To propagate permissions to subkeys in Windows NT, place a check next to "Replace Permissions on Existing Subkeys."
To edit the registry
To check the rights on registry keys in regedt32
Checking permissions on an NTFS drive
Use the Windows Explorer to verify that System and Administrator have "Full Control" and Users have "Read Only" permissions for the following folders (if they exist):
(drive:)\Program Files\Common Files
(drive:)\Program Files\Symantec AntiVirus
(drive:)\Program Files (x86)\Symantec
(drive:)\Program Files (86)\Common Files\Symantec Shared
To check the permissions, right-click the folder, choose Properties, and click the Security tab. Verify that both System and Administrator have Full Control.
The following folders should have Full Control permissions for the System and Administrator accounts, and Read Only for User accounts. If a folder does not exist, simply skip to the next one:
(drive:)\Documents and Settings\All Users\Application Data\Symantec
(drive:)\Documents and Settings\All Users\Application Data\Symantec\Norton AntiVirus Corporate Edition\7.5
(drive:)\Documents and Settings\All Users\Application Data\Symantec\Symantec AntiVirus Corporate Edition\7.5
Note: Before attempting to change permissions on directories or subdirectories, you should take ownership. NT does not change permissions on a subdirectory where ownership is incorrect, and does not report that it cannot change the permissions. Using an Administrative logon is suggested.
Checking DCOM settings
The last place to check rights on a computer is in its DCOM settings.
To verify Distributed COM properties
Some customers have reported fixing installation problems caused by incorrect rights or permissions by using Microsoft's SubInACL utility to change registry and NTFS permissions. This information is provided for your convenience. Symantec does not provide support for or assistance with Microsoft products.