After running Windows Update on a computer where Symantec Endpoint Protection (SEP) is installed, you may see entries in the SEP Tamper Protection logs that indicate that Windows Update processes are being blocked.
Tamper Protection log entries similar to the following, for block of Windows Binary(Actor) on various Symantec processes or registry entries:
The Windows patch uses a tool called FixCCS.exe which sometimes attempts to write into registry keys for Symantec (and other Software and Hardware keys).
Tamper Protection blocks this action on Symantec keys and processes as these are Symantec-protected resources. Users may have the impression that this is causing the Windows Update to fail, but it is not.
For further information, see the following article for information on related Windows Update difficulties: