With Symantec Network Access Control (SNAC) 11.0, a Host Integrity rule contains a registry check or "set registry value" function. This check or function fails when a shorthand like HKLM or HKCU is used.
While the Symantec Endpoint Protection Manager does not give an error when editing the Host Integrity policy, the following error may be seen in the Security Log on the Symantec Endpoint Protection (SEP) client executing the check:
Host Integrity check failed
Requirement: "my test policy" failed with internal error
'HKLM' is undefined
'HKCU' is undefined
Replace HKLM with HKEY_LOCAL_MACHINE or KHCU with HKEY_CURRENT_USER in the Host Integrity policy.
Imported Document ID: TECH175548
Subscribing will provide email updates when this Article is updated. Login is required.