Endpoint Protection

 Failing installation of Symantec Endpoint Protection

Martin Frerichs posted Oct 10, 2025 05:49 AM

Hello,

I've spent plenty of time trying to get an SEP installation running. Every try ends in a rollback of the setup.

The environment is based on Hyper-V; one VM is used for Symantec Endpoint Protection Manager 14.3 RU9. SEP is installed without failures on the Hyper-V host and on the SEPM VM.

Two VMs are always rolling back the setup process. The VMs are unbootable after this process. If I run the CleanWipe tool after the rollback, the VM is bootable.

The SymDiag tool doesn't show a problem.

Can you help to solve the problem?

Best regards

Martin

Imtiaz Hussain

Hello Martin,

Based on your description, the issue where the Symantec Endpoint Protection (SEP) client installation rolls back and leaves the VMs unbootable is often related to one of the following causes:

  1. Incompatible or corrupted filter drivers – especially network or storage filter drivers that conflict with the SEP kernel drivers (e.g., symefa.sys, symevent.sys).

  2. Insufficient system resources or pending reboots preventing SEP components from installing properly.

  3. Hyper-V specific driver conflicts (notably with Integration Services or AV exclusions).

To help resolve this, please follow these steps:


1. Verify prerequisites and environment

  • Ensure the Windows OS version on the affected VMs is fully updated and supported by SEP 14.3 RU9.
  • Confirm no other antivirus or security agent (including Windows Defender or remnants of old AV software) is active. Use CleanWipe to remove all traces of prior installations before retrying.

2. Check installation logs

After the rollback, review the SEP installation logs:

  • %temp%\SepInst.log
  • C:\ProgramData\Symantec\Symantec Endpoint Protection\14.x.x.x\Logs

Look for keywords like “ROLLBACK”, “ERROR”, or “FAIL” near the end of the file.

Broadcom KB reference: How to troubleshoot SEP client installation failures


3. Disable non-essential Hyper-V components

On the problematic VMs, try:

  • Temporarily disable Hyper-V integration components (especially time synchronization and data exchange).
  • Ensure virtual disk type is not dynamically expanding during installation.

4. Test with minimal feature set

Try installing SEP with only Basic Protection features (AV only) to isolate the failing module:

  • setup.exe /v"ADDLOCAL=Core,TPROXY,PTP,SAV"
  • If that succeeds, you can add additional modules incrementally (e.g., Firewall, IPS).

5. Review Windows Event Logs

Check for Event ID 7000–7031 (Service Control Manager) or Event ID 1000–1001 (Application Error) entries during rollback. These often reveal the driver or service causing the crash.


6. Create a test snapshot

Before reinstalling, take a VM checkpoint. If the rollback still occurs, you can revert safely.


If none of these resolve the issue, I recommend generating a full SymDiag support package (SymDiag.exe /gen_supportpackage) from one affected VM and submitting it to Broadcom Technical Support:

Please share any recent entries from SepInst.log that mention “rollback” or driver installation errors, and I can help interpret them for you.

Best regards,
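
The log and event-log checks from steps 2 and 5 of the reply above, combined into one script. This is an added PowerShell example, not part of the original thread and not a Broadcom tool; the function names, the 400-line tail and the 30-minute event window are assumptions.

```powershell
# Added example, not from the thread. Run elevated on the affected VM after a rollback.
param(
    [string]$LogPath = (Join-Path $env:TEMP 'SepInst.log'),  # log path from step 2
    [int]$TailLines = 400,       # assumption: "near the end" means the last 400 lines
    [int]$WindowMinutes = 30     # assumption: 30-minute event window ending just after the log's last write
)

function Get-SepInstallFindings {
    param([string]$Path, [int]$Tail)
    # @() keeps a one-line file an array; line numbers refer to the full log.
    $lines = @(Get-Content -LiteralPath $Path)
    $first = [Math]::Max(0, $lines.Count - $Tail)
    for ($i = $first; $i -lt $lines.Count; $i++) {
        # -match is case-insensitive, so "Rollback" and "failed" are caught too.
        if ($lines[$i] -match 'ROLLBACK|ERROR|FAIL') {
            [pscustomobject]@{
                Line    = $i + 1
                Keyword = $Matches[0].ToUpper()
                Text    = $lines[$i].Trim()
            }
        }
    }
}

function Get-RollbackEvents {
    param([datetime]$End, [int]$Minutes)
    $start = $End.AddMinutes(-$Minutes)
    $scm = @{ LogName = 'System'; ProviderName = 'Service Control Manager'
              StartTime = $start; EndTime = $End }
    $app = @{ LogName = 'Application'; Id = 1000, 1001
              StartTime = $start; EndTime = $End }
    # The 7000-7031 range from step 5 is filtered client-side to keep the query short.
    $found  = @(Get-WinEvent -FilterHashtable $scm -ErrorAction SilentlyContinue |
                Where-Object { $_.Id -ge 7000 -and $_.Id -le 7031 })
    $found += @(Get-WinEvent -FilterHashtable $app -ErrorAction SilentlyContinue)
    $found | Sort-Object TimeCreated | Select-Object TimeCreated, Id, ProviderName,
        @{ n = 'Message'; e = { ("$($_.Message)" -split "`r?`n")[0] } }
}

if (-not (Test-Path -LiteralPath $LogPath)) {
    Write-Warning "Log not found: $LogPath"
    return
}
Get-SepInstallFindings -Path $LogPath -Tail $TailLines | Format-Table -AutoSize -Wrap
# Allow five minutes after the last log write for service-failure events to land.
$end = (Get-Item -LiteralPath $LogPath).LastWriteTime.AddMinutes(5)
Get-RollbackEvents -End $end -Minutes $WindowMinutes | Format-Table -AutoSize -Wrap
```

Pass `-LogPath` explicitly when the installer ran under a different account, since `%temp%` resolves per user.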