Endpoint Protection

I'm trying to install SEP on a Windows 7 Embedded SP1, 64 bits, and the installation fail during the process.

I got the following error in SEP_INST.log 

*****************************************************************************************************************

MSI (s) (9C:B4) [12:36:53:090]: Executing op: ProgressTotal(Total=1,Type=1,ByteEquivalent=1300000)
MSI (s) (9C:B4) [12:36:53:090]: Executing op: ServiceControl(,Name=SepMasterService,Action=1,Wait=1,)
MSI (s) (9C:B4) [12:36:54:387]: Executing op: ActionStart(Name=FixDriverVolatileKey_RB,,)
MSI (s) (9C:B4) [12:36:54:390]: Executing op: CustomActionSchedule(Action=FixDriverVolatileKey_RB,ActionType=3329,Source=BinaryData,Target=FixDriverVolatileKey_RB,CustomActionData=SYMTDI;SymIRON;ccSettings_{49637904-45A4-4055-89A1-2511D4C15A1D};SRTSPX;SymELAM;SISIPSService;SISIDSService;SYMTDIV;SYMNETS;BHDrvx64;BHDrvx64;SRTSP;IDSxpa64;IDSVia64;RasMan;heCAF;SISIPSUtil;SISIPSDriver;eeCtrl;SysPlant;SNAC;SNAC;)
MSI (s) (9C:B4) [12:36:54:402]: Executing op: ActionStart(Name=ShowServiceProgress_RB,Description=Executing rollback script via service,Template=[1])
MSI (s) (9C:B4) [12:36:54:405]: Executing op: CustomActionSchedule(Action=ShowServiceProgress_RB,ActionType=3329,Source=BinaryData,Target=ShowServiceProgress_RB,CustomActionData={49637904-45A4-4055-89A1-2511D4C15A1D};SOFTWARE\Symantec\Symantec Endpoint Protection;Executing rollback script via service;)
MSI (s) (9C:B4) [12:36:54:414]: Executing op: ActionStart(Name=ShowServiceProgress,Description=Executing install script via service,Template=[1])
MSI (s) (9C:B4) [12:36:54:416]: Executing op: CustomActionSchedule(Action=ShowServiceProgress,ActionType=3073,Source=BinaryData,Target=ShowServiceProgress,CustomActionData={49637904-45A4-4055-89A1-2511D4C15A1D};SOFTWARE\Symantec\Symantec Endpoint Protection;Executing install script via service;)
MSI (s) (9C:14) [12:36:54:421]: Invoking remote custom action. DLL: C:\windows\Installer\MSI20A3.tmp, Entrypoint: ShowServiceProgress
ScriptGen: ShowServiceProgress() MSIRUNMODE_SCHEDULED
ScriptGen: ShowServiceProgress() calling WaitForSingleObject(scriptStarted) ...
ScriptGen: ShowServiceProgress() WaitForSingleObject(scriptStarted) returned WAIT_OBJECT_0
ScriptGen: ShowServiceProgress() script execution failed.
ScriptGen: ShowServiceProgress() reset script failure event.
ScriptGen: ShowServiceProgress() is returning an error (so close to the end!)
CustomAction ShowServiceProgress returned actual error code 1603 (note this may not be 100% accurate if translation happened inside sandbox)
MSI (s) (9C:B4) [12:37:15:692]: User policy value 'DisableRollback' is 0
MSI (s) (9C:B4) [12:37:15:692]: Machine policy value 'DisableRollback' is 0
Action ended 12:37:15: InstallFinalize. Return value 3.

*****************************************************************************************************************

and the following error in SIS_INST.log

*****************************************************************************************************************

2018-10-24T16:37:15.659Z ERROR I SIS      File C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.770.0000.105\SAEP\IDS\bin\IDSLWInit.exe is not trusted. Verification result: 20
2018-10-24T16:37:15.659Z ERROR I SIS         
2018-10-24T16:37:15.659Z ERROR I SIS        Dumping action parameters from the script:
2018-10-24T16:37:15.659Z ERROR I SIS          FilePath=["C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.770.0000.105\SAEP\IDS\bin\IDSLWInit.exe"]
2018-10-24T16:37:15.659Z ERROR I SIS          Parameters=[-i -p "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.770.0000.105\SAEP" -l "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\14.2.770.0000.105\SAEP\sdcsslog\SISIPSService.log"]
2018-10-24T16:37:15.659Z ERROR I SIS          EnableCCTrace=[true]
2018-10-24T16:37:15.659Z ERROR I SIS          OnError0=[PASS]
2018-10-24T16:37:15.659Z ERROR I SIS          OnError1=[PASS]
2018-10-24T16:37:15.659Z ERROR I SIS          OnError3010=[PASS_REBOOT_REQUIRED]
2018-10-24T16:37:15.659Z ERROR I SIS          OnError3017=[FAIL_REBOOT_AND_ROLLBACK]
2018-10-24T16:37:15.659Z ERROR I SIS          OnError606=[CATASTROPHIC_FAIL]
2018-10-24T16:37:15.659Z ERROR I SIS          OnDefaultError=[FAIL]

*****************************************************************************************************************

Event viewers gives event ID 34,35,36 and 37.

According to SymDiag, everything is green, no error for SEP.

Any ideas?

Thanks!

Which components are included?

Thanks for helping!
I am not 100% sure to understand the question, but I do have SEPM installed on a server and other SEP installed on other computers running the same OS (Windows 7 Embedded SP1). The installation actually succeeded on some of the computers, but not all of them.

Components as in AV, Firewall, IPS, etc.?

I would assume all components since the SEP installer is created from the SEPM, using the "Full Protection for Clients" install feature set.

The install setting selected is "Default Dark network installation settings for Windows".

I'd start with only the AV component and go from there. It looks like something with the application hardening component is causing a problem.

I removed a few features that I don't need for now with setAid.ini and it seems to work. In the case we need to enable it, do you have any idea why it would not work? I can provide procmon logs if you want it.

Many thanks!

You'd need to open a case with Symantec support so they can review logs. Probably, that feature isn't supported on embedded OS version but they would have to look into it.