the registry key: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\ccSvcHst.exe\"Debugger" = "svchost.exe" does not exist
but service: symantec settings manager is still in the windows service but not startup (type Auto)
for the sep_inst.log there are 2 "return value 3". as follow
Error 1310.Error writing to file: C:\WINDOWS\system32\Drivers\symndis.sys. System error 5. Verify that you have access to that directory.
MSI (s) (D4:E4) [13:14:23:015]: Product: Symantec Endpoint Protection -- Error 1310.Error writing to file: C:\WINDOWS\system32\Drivers\symndis.sys. System error 5. Verify that you have access to that directory.
MSI (s) (D4:E4) [13:14:23:015]: Note: 1: 2318 2: C:\WINDOWS\system32\Drivers\symndis.sys
MSI (s) (D4:E4) [13:14:23:015]: Note: 1: 1310 2: 5 3: C:\WINDOWS\system32\Drivers\symndis.sys
MSI (c) (C8:38) [13:14:22:546]: Font created. Charset: Req=0, Ret=0, Font: Req=, Ret=Arial
Error 1310.Error writing to file: C:\WINDOWS\system32\Drivers\symndis.sys. System error 5. Verify that you have access to that directory.
MSI (s) (D4:E4) [13:14:26:031]: Product: Symantec Endpoint Protection -- Error 1310.Error writing to file: C:\WINDOWS\system32\Drivers\symndis.sys. System error 5. Verify that you have access to that directory.
MSI (c) (C8:38) [13:14:23:015]: Font created. Charset: Req=0, Ret=0, Font: Req=, Ret=Arial
Error 1310.Error writing to file: C:\WINDOWS\system32\Drivers\symndis.sys. System error 5. Verify that you have access to that directory.
MSI (c) (C8:38) [13:14:26:031]: Font created. Charset: Req=0, Ret=0, Font: Req=, Ret=Arial
Are you sure you want to cancel?
MSI (s) (D4:E4) [13:14:27:078]: User policy value 'DisableRollback' is 0
MSI (s) (D4:E4) [13:14:27:078]: Machine policy value 'DisableRollback' is 0
Action ended 13:14:27: InstallFinalize. Return value 3.
MSI (s) (D4:E4) [13:14:27:109]: Executing op: Header(Signature=1397708873,Version=301,Timestamp=994535586,LangId=1033,Platform=0,ScriptType=2,ScriptMajorVersion=21,ScriptMinorVersion=4,ScriptAttributes=1)
MSI (s) (D4:E4) [13:14:27:109]: Executing op: DialogInfo(Type=0,Argument=1033)
MSI (s) (D4:E4) [13:14:27:109]: Executing op: DialogInfo(Type=1,Argument=Symantec Endpoint Protection)
MSI (s) (D4:E4) [13:14:27:109]: Executing op: RollbackInfo(,RollbackAction=Rollback,RollbackDescription=Rolling back action:,RollbackTemplate=[1],CleanupAction=RollbackCleanup,CleanupDescription=Removing backup files,CleanupTemplate=File: [1])
MSI (s) (D4:E4) [13:14:27:109]: Executing op: ActionStart(Name=InstallFiles,Description=Copying new files,Template=File: [1], Directory: [9], Size: [6])
MSI (s) (D4:E4) [13:14:27:109]: Executing op: SetTargetFolder(Folder=C:\WINDOWS\system32\Drivers\)
MSI (s) (D4:E4) [13:14:27:109]: Executing op: ProductInfo(ProductKey={3BAB4914-9CC1-4CC2-A3DA-56EF62DFD373},ProductName=Symantec Endpoint Protection,PackageName=Symantec AntiVirus.msi,Language=1033,Version=184553376,Assignment=1,ObsoleteArg=0,ProductIcon=ARPPRODUCTICON.exe,,PackageCode={D8747744-9A14-48CE-93F3-B626F10E24FE},,,InstanceType=0,LUASetting=0,RemoteURTInstalls=0)
MSI (s) (D4:E4) [13:14:27:109]: Executing op: FileRemove(,FileName=C:\WINDOWS\system32\Drivers\symndis.sys,,)
MSI (s) (D4:E4) [13:14:27:125]: Executing op: FileRemove(,FileName=C:\WINDOWS\system32\Drivers\symids.sys,,)
MSI (s) (D4:E4) [13:14:27:125]: Executing op: SetTargetFolder(Folder=C:\Program Files\Common Files\Symantec Shared\)
MSI (s) (D4:E4) [13:14:27:125]: Executing op: FileRemove(,FileName=C:\Program Files\Common Files\Symantec Shared\SNDSrvc.exe,,)
MSI (s) (D4:E4) [13:14:27:140]: Executing op: SetTargetFolder(Folder=C:\WINDOWS\system32\Drivers\)
MSI (s) (D4:E4) [13:14:27:140]: Executing op: FileRemove(,FileName=C:\WINDOWS\system32\Drivers\symredrv.sys,,)
=================================================================================================================
MSI (s) (D4:E4) [13:14:44:671]: Executing op: ActionStart(Name=checkMSXMLVersion.0723A1DC_DEB6_4A50_874F_3A2D2C99A1C1,,)
MSI (s) (D4:E4) [13:14:44:671]: Executing op: ActionStart(Name=RB_cleanupFolder.0723A1DC_DEB6_4A50_874F_3A2D2C99A1C1,,)
MSI (s) (D4:E4) [13:14:44:671]: Executing op: CustomActionRollback(Action=RB_cleanupFolder.0723A1DC_DEB6_4A50_874F_3A2D2C99A1C1,ActionType=1345,Source=BinaryData,Target=cleanupFolder,)
MSI (s) (D4:60) [13:14:44:671]: Invoking remote custom action. DLL: C:\WINDOWS\Installer\MSI93.tmp, Entrypoint: cleanupFolder
InstSymProtect::cleanupFolder() -> called
DeleteFolderIfNoFileExists: Driver file is not present.
DeleteFolder: FAILED to delete directory C:\Program Files\Common Files\Symantec Shared\SPBBC
DeleteFolderIfNoFileExists: SHDeleteFolder FAILED
InstSymProtect::cleanupFolder() -> DeleteFolderIfNoFileExists FAILED
MSI (s) (D4:E4) [13:14:45:265]: Executing op: End(Checksum=0,ProgressTotalHDWord=0,ProgressTotalLDWord=0)
MSI (s) (D4:E4) [13:14:45:265]: Error in rollback skipped. Return: 5
cleanupFolder: exiting
MSI (s) (D4:E4) [13:14:45:281]: Calling SRSetRestorePoint API. dwRestorePtType: 13, dwEventType: 103, llSequenceNumber: 34, szDescription: "".
MSI (s) (D4:E4) [13:14:45:328]: The call to SRSetRestorePoint API succeeded. Returned status: 0.
MSI (s) (D4:E4) [13:14:45:328]: Unlocking Server
MSI (s) (D4:E4) [13:14:45:328]: PROPERTY CHANGE: Deleting UpdateStarted property. Its current value is '1'.
Action ended 13:14:45: INSTALL. Return value 3.
Property(S): DiskPrompt = [1]
Property(S): UpgradeCode = {24BF7A02-B60A-494B-843A-793BBC77DED4}
Property(S): CostingComplete = 1
Property(S): VersionNT = 501
Property(S): TARGETDIR = C:\
Property(S): ALLUSERSPROFILE = C:\
Property(S): SYSTEM32TEMP = C:\DOCUME~1\WANNAN~1\LOCALS~1\Temp\Symantec\System32\
Property(S): ANSITEMP = C:\DOCUME~1\WANNAN~1\LOCALS~1\Temp\Symantec\System32\Ansi\
Property(S): WINSYS32TEMP = C:\DOCUME~1\WANNAN~1\LOCALS~1\Temp\Symantec\Windows\System32\
Property(S): ANSIWINSYS32TEMP = C:\DOCUME~1\WANNAN~1\LOCALS~1\Temp\Symantec\Windows\System32\Ansi\
Property(S): AdminToolsFolder = C:\Documents and Settings\All Users\Start Menu\Programs\Administrative Tools\
Property(S): AppDataFolder = C:\Documents and Settings\Wanna N\Application Data\
Property(S): SYMANTEC = C:\Documents and Settings\All Users\Application Data\Symantec\
Property(S): CACHED_INSTALLS = C:\Documents and Settings\All Users\Application Data\Symantec\Cached Installs\
Property(S): CMCDIR = C:\Program Files\Symantec\Symantec Endpoint Protection\
Property(S): SEPTEMP = C:\DOCUME~1\WANNAN~1\LOCALS~1\Temp\Symantec\program files\Symantec\SEP\
Property(S): CMCDIRTEMP = C:\DOCUME~1\WANNAN~1\LOCALS~1\Temp\Symantec\program files\Symantec\SEP\CMCDIR\