On an Endpoint Protection client, you try to create or start a scan. One of the following symptoms occurs:
An error message appears.
Endpoint Protection crashes.
The following messages can appear, depending on what action you are attempting:
"Error 536870988 occurred running scan." This happens when you try to start an active or full scan.
"Error 0x80070005 occurred deleting the scan." This happens when you try to delete a scan.
"Error 0x80004005 occurred creating the scan." This happens when you try to create a scan.
This problem occurs because the logged in user lacks Full Control to a registry key that is used by SEP to store user specific scan-settings. Please make sure to make a backup of the registry, and/or any valued data before you proceed.
Symantec Endpoint Protection 11.x:
User specific scan settings are stored under the following key:
NOTE: As HKEY_CURRENT_USER is user-specific and the user may lack the ability to make (permission) changes to the registry, you may need to login as a local administrator and manually locate the appropriate user-specific registry key via HKEY_USERS.
The issue can be resolved by assigning the logged in user with Full Control to the following key as the permissions will propagate down:
User specific scan settings are no longer stored in HKEY_USERS starting in Symantec Endpoint Protection 12.1. They are now stored in HKEY_LOCAL_MACHINE. Each user has a unique registry key under which the user specific scan settings are stored. To make appropriate changes to the registry, you may need to login to the system with a local administrator account:
Symantec Endpoint Protection 12.1.x on a 64-bit Windows Vista/7/2008/2008R2/2012 system:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\AV\Scheduler\<
Symantec Endpoint Protection 12.1.x on a 32-bit Windows Vista/7/2008 system:
HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV\Scheduler\<
The issue can be resolved by assigning Full Control to the user specific SID, or by deleting the entire SID underneath the Schedule registry key. When the user logs into the system, a new registry key with the unique SID will be re-created automatically, should you choose to delete it. Please note however that the user will have to re-create their custom scans and settings.
In some cases it may be preferable to delete all of the SIDs under the Custom Tasks registry key, as it may be difficult to determine which SID belongs to what user. The SIDs will be re-created upon login of the individual users.
For information on how to assign permissions to a registry key, please see the following Microsoft Technet article: