Symantec Endpoint Protection Issues with ConfigMgr

If you are unlucky enough to have Symantec Endpoint Protection in your environment, you may run into the same issue we were seeing, where applications and software updates would be stuck on “installing” in Software Center. When left alone they sit there indefinitely, never actually installing anything.

Following these through the logs, they would show up correctly all the way through the CAS log and download content, but then never show up in AppEnforce, and there would be no errors.

After much wasted time we eventually came to the conclusion that SEP was causing the issue. There was nothing in the SEP client logs to show that it was blocking anything, but we had just updated to 14.0mp1 and were working on setting up exclusions due to issues we were seeing with SEP removing content on our Distribution points.

The exclusions we applied came from Garth Jones’s post on TechNet:

https://social.technet.microsoft.com/Forums/en-US/753bddc0-0147-4b9a-901c-94e55d024850/sccm-2012-antivirus-exclusions-for-servers-and-workstations?forum=configmanagergeneral

How we got away without having exclusions up until this point I don’t know, but after updating the SEP install to include the new exceptions and either waiting for the client to update or forcing it with a re-install, software was once again able to install successfully on some machines. On others we were still seeing issues.

For the ones that were still having issues we saw that stopping the SEP client would allow applications and updates to install. So we put in a call to their support and after only a couple of weeks they determined that we should update to the latest version, 14.0mp2.

Updating to 14.0mp2 did resolve the issue for a significant number of our clients. The one problem with that, though, was that it caused a BSOD on the first reboot after the update on many machines. Symantec says that it has to do with the Checkpoint client on our machines and “our process couldn’t cause the crash”. Great. We still have tickets open with both vendors but may just have to push forward to get things in a working state.

I am currently arguing to move to System Center Endpoint Protection instead, so at least Symantec support has been helpful there.

TL;DR:

If you are having issues with System Center Clients after updating SEP to 14.0mp1, add exclusions if you don’t have them and update to SEP 14.0mp2. Just be careful if you also have Checkpoint on your clients as you may see a BSOD on the initial reboot after the update.
