When a Symantec Endpoint Protection (SEP) 12.1 RU6 or newer client package is exported with the option to "Create a single .EXE file for this package" disabled and then a custom file is slipstreamed into the package, an installer integrity check error will occur.
SEP 12.1 RU6 and newer includes a number of security enhancements that surround file validation during the install. This failure is as expected since the file HASH does not match what the installer knows should be there for that particular file.
This is working as designed and there is no way around these new file validation checks. There are other means in which a custom file can be replaced post install. A System Center Configuration Manager (SCCM) or Altiris package can be created to include the file with the SEP deployment push. Then post install, but before reboot, script the deployment software to swap out the installed file with the custom file. Then perform a reboot of the SEP client.