On an Endpoint Protection client, you try to create or start a scan. One of the following symptoms occurs:
The following messages can appear, depending on what action you are attempting:
This problem occurs because the logged in user lacks Full Control to a registry key that is used by SEP to store user specific scan-settings. Please make sure to make a backup of the registry, and/or any valued data before you proceed.
Symantec Endpoint Protection 11.x:
User specific scan settings are stored under the following key:
NOTE: As HKEY_CURRENT_USER is user-specific and the user may lack the ability to make (permission) changes to the registry, you may need to login as a local administrator and manually locate the appropriate user-specific registry key via HKEY_USERS.
The issue can be resolved by assigning the logged in user with Full Control to the following key as the permissions will propagate down:
Symantec Endpoint Protection 12.x:
User specific scan settings are no longer stored in HKEY_USERS starting in Symantec Endpoint Protection 12.1. They are now stored in HKEY_LOCAL_MACHINE. Each user has a unique registry key under which the user specific scan settings are stored. To make appropriate changes to the registry, you may need to login to the system with a local administrator account:
Symantec Endpoint Protection 12.1.x on a 64-bit Windows Vista/7/2008/2008R2/2012 system:
In some cases it may be preferable to delete all of the SIDs under the Custom Tasks registry key, as it may be difficult to determine which SID belongs to what user. The SIDs will be re-created upon login of the individual users.
To ensure that the issue has been resolved, make sure to logoff and log back on with the affected user account(s) and run a custom scan.