
Symantec Endpoint Protection Console - Client Require Reboot Flag


  • 1.  Symantec Endpoint Protection Console - Client Require Reboot Flag

    Posted Dec 12, 2010 08:56 AM

    Does anyone have experience removing the RebootRequired flag in the SEP console?
    After installation I have several clients that announce at the console that they require a reboot. Some clients have critical applications, so I cannot reboot them, and I would also like to avoid this message on the console.
    I was not able to understand where a client sets the Reboot Required info.

    Any Suggestions?
    Thanks



  • 2.  RE: Symantec Endpoint Protection Console - Client Require Reboot Flag

    Posted Dec 12, 2010 09:27 AM

    I don't believe this option exists.

    Click on Clients >> Click the Group you want to modify >> Click on the Policies tab at the top >> Click General Settings

    Under Restart Options you will only have 'Prompt the user to restart the computer' and 'Force the computer restart'

    What you could do is enter a generic message such as 'SEP successfully installed' and set 'The notification window will automatically close after (seconds):' to 10 seconds, which is the lowest it will go.

    You can also set 'Maximum number of snooze opportunities:' to 0 and do the same for 'Maximum time between snoozes (minutes):'. Setting them to 0 should turn them off.

    You may want to test this on one machine before putting into production.

    Also, I'm assuming you created and exported a package for deployment?

    If so, what type of install package did you create? Silent? Unattended? Interactive? Try deploying a 'Silent' package and see what happens.



  • 3.  RE: Symantec Endpoint Protection Console - Client Require Reboot Flag

    Posted Dec 12, 2010 10:19 AM

    I suspect that you want to get rid of the message in SEPM, not on the clients themselves? I do not think it is possible; this is just what clients report to the console and the console gives this information out. You cannot remove it from the console side. May I ask why you are trying to get rid of this information from the console? Are you afraid that someone could accidentally reboot the machines? I am asking because maybe we will be able to figure out some kind of workaround :-)

    Check the registry key on the client machine:

    HKLM>System>CurrentControlSet>Session Manager

    Back it up and remove, if there is one, the key PendingFileRenameOperations.

    Then reset Symantec Endpoint Protection service, execute two commands: smc -stop and smc -start from Start - Run and see how it goes :-)

    In fact reboot is not necessary for SEP to work except Network Threat Protection which uses kernel level driver which needs to be loaded at the boot.

    Please let us know should you require more information.



  • 4.  RE: Symantec Endpoint Protection Console - Client Require Reboot Flag

    Posted Dec 13, 2010 10:12 AM

    Pawel, there are two aspects: first of all avoid that someone can accidentally reboot critical systems, second we plan the migration supposing no reboot and someone expects it..

    So our goal is avoid, in a clean way, the client notification to the console.

    In the SEP DB, the client sets the flag reboot required to 1 and reboot reason to FW=2 even if the firewall isn't installed.

    Removing PendingFileRenameOperations and restarting Symantec Endpoint Protection hasn't provided benefits.

    Do you have other suggestions?

     

     



  • 5.  RE: Symantec Endpoint Protection Console - Client Require Reboot Flag

    Posted Dec 13, 2010 10:29 AM

    Are you using a silent install package?



  • 6.  RE: Symantec Endpoint Protection Console - Client Require Reboot Flag

    Posted Dec 13, 2010 10:33 AM

    Can you try this?

    delete from sem_agent where reboot_reg<> '1'

    I'm not sure about the reboot key syntax, you already found it.



  • 7.  RE: Symantec Endpoint Protection Console - Client Require Reboot Flag

    Posted Dec 13, 2010 01:15 PM

    This information is listed in the DB under SEM_AGENT as REBOOT_REQUIRED and REBOOT_REASON.

    I imagine you can delete these with relative ease though the clients will send this back every time they check in. I do not believe there is a way you can stop this without other consequences like locking those tables.



  • 8.  RE: Symantec Endpoint Protection Console - Client Require Reboot Flag

    Posted Dec 13, 2010 03:49 PM

    Brian - Yes, I am using silent installation.

    John - I know the DB issue but I would prefer, if it exists, a clean way like stopping the notification from the client.

    Rafeeq - if you mean set the RebootStatus <>1 in HKLM\SW\Symantec\SymantecEndpointProtection\AV, I have already done that without success.



  • 9.  RE: Symantec Endpoint Protection Console - Client Require Reboot Flag

    Posted Dec 13, 2010 03:59 PM

    How are you pushing this? Deployment/Migration wizard? SCCM?

    Reason I ask is because I don't have this happen nor have I ever. I've used a combination of SCCM/Push from SEPM console/PushDeployment Wizard pushing a silent package.

    I don't know that an option in the SEPM console exists (I have never seen one).

    Here are my client install settings:



  • 10.  RE: Symantec Endpoint Protection Console - Client Require Reboot Flag

    Posted Dec 13, 2010 11:51 PM

    I meant to delete this value in the database; that was the SQL query to run:

    delete from sem_agent  REBOOT_REQUIRED '<>1'



  • 11.  RE: Symantec Endpoint Protection Console - Client Require Reboot Flag

    Posted Dec 14, 2010 03:42 AM

    This is interesting. Have you tried this? I would suspect it will prevent showing the information for the user to reboot the machine, but to the console the status would be sent that it requires reboot anyway?



  • 12.  RE: Symantec Endpoint Protection Console - Client Require Reboot Flag

    Posted Dec 14, 2010 05:11 AM

    Yes, it's exactly like that. No messages for the user but the console reports that clients require reboot.



  • 13.  RE: Symantec Endpoint Protection Console - Client Require Reboot Flag

    Posted Dec 14, 2010 07:18 AM

    Ok, check:

    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update and delete RebootRequired

    Make backup of the key before deleting it!

    Let us know :-)



  • 14.  RE: Symantec Endpoint Protection Console - Client Require Reboot Flag

    Posted Dec 14, 2010 12:46 PM

    I am not sure that the RebootRequired Key is present under the path HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update. I checked different OSs but I didn't find it.



  • 15.  RE: Symantec Endpoint Protection Console - Client Require Reboot Flag

    Posted Dec 14, 2010 12:55 PM

     What OS is your client?



  • 16.  RE: Symantec Endpoint Protection Console - Client Require Reboot Flag

    Posted Dec 14, 2010 01:00 PM

    Basically my 'clients' are servers with Windows Server 2003.



  • 17.  RE: Symantec Endpoint Protection Console - Client Require Reboot Flag

    Posted Dec 14, 2010 01:14 PM

    It was just my idea of where the clients take the information (and then provide it to the console) about the reboot. If the key does not exist... I am not sure if it should be or not in Windows Server 2003. It was just a guess. I will try to figure out something else :-)
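
A read-only way to check the two Windows registry indicators suggested in posts 3 and 13, with the backup step those posts ask for before any change. This is an added example, not part of any post in this thread; the function names and the backup file path are assumptions, and PendingFileRenameOperations is read from its full path under Control\Session Manager.

```powershell
# Added example: report reboot-pending indicators without modifying anything.
$Indicators = @(
    @{ Name  = 'PendingFileRenameOperations'
       Key   = 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager'
       Value = 'PendingFileRenameOperations' },
    @{ Name  = 'WindowsUpdate RebootRequired'
       Key   = 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired'
       Value = $null }   # presence of the key itself is the indicator
)

function Get-RebootIndicator {
    foreach ($i in $Indicators) {
        $present = $false
        $detail  = ''
        if (Test-Path -LiteralPath $i.Key) {
            if ($i.Value) {
                $name = $i.Value
                $prop = Get-ItemProperty -LiteralPath $i.Key -Name $name -ErrorAction SilentlyContinue
                if ($prop) {
                    $present = $true
                    # REG_MULTI_SZ: keep the non-empty entries (source/destination pairs)
                    $detail = @($prop.$name | Where-Object { $_ }) -join '; '
                }
            } else {
                $present = $true
            }
        }
        New-Object PSObject -Property @{ Indicator = $i.Name; Present = $present; Detail = $detail }
    }
}

function Backup-RegistryKey {
    param([string]$Key, [string]$File)   # $Key in reg.exe form, e.g. HKLM\SYSTEM\...
    if (Test-Path -LiteralPath $File) { throw "Refusing to overwrite $File" }
    & reg.exe export $Key $File | Out-Null
    if ($LASTEXITCODE -ne 0) { throw "reg export failed for $Key" }
    $File
}

Get-RebootIndicator | Format-Table Indicator, Present, Detail -AutoSize
# Before changing anything, export the key (hypothetical output path):
# Backup-RegistryKey 'HKLM\SYSTEM\CurrentControlSet\Control\Session Manager' 'C:\Temp\SessionManager.reg'
```

These are the locations the posters suggested as possible sources of the flag, not confirmed ones; the Detail column shows which file operations are still queued, which is what would be lost if the value were removed.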