After upgrading Symantec Endpoint Protection (SEP) some machines are not connecting to network resources after restart and users were unable to login without cached credentials. Running cleanwipe and reinstalling resolved the issue and restore connectivity.
Sysmon will "touch" the SEP Teefer driver during the upgrade when the file is trying to be renamed, so the installer schedules the file to be renamed on the next reboot. This prevents the driver from loading on the first reboot. In some instances, it took up to 3 reboots before Teefer loaded properly.
The recommended solution is to uninstall Sysmon before upgrading SEP. Alternatively, you could test disabling the Sysmon service so it doesn't re-enable on reboot.
ID: 4129608, 3835766
Subscribing will provide email updates when this Article is updated. Login is required.