Support - Platinum Support
tab end BCS Web Site divider MySupport divider Log Out navbar end
navbar end home symantec alerting service security center knowledge base navbar end
BCS Knowledge Base


Rate This Document
1x3 spacer
1x1 spacer

print this documentDocument ID:2007101610183248
Last Modified:07/20/2010

MSI command line reference for Symantec Endpoint Protection 11.0

Situation:This is a list of the most commonly used MSI commands for Symantec Endpoint Protection and Symantec Network Access Control.

Solution:BASIC MSI commands
/QN - Quiet No UI
/QB - Quiet Basic UI
/L*V log.txt - full verbose logging to file log.txt
INSTALLDIR = path (optional)
REBOOT = value ( Force = Requires that the computer is restarted. Suppress = Prevents most reboots. ReallySuppress = Prevents all restarts as part of the installation process, even a silent installation)

MSI logging
  • When run from the setup.exe stub Symantec Endpoint Protection, Symantec Network Access Control and Symantec Endpoint Protection Manager automatically create installer logs to the %TEMP% folder (e.g. C:\Documents and Settings\<USERNAME>\Local Settings\Temp) named either SEP_INST.LOG, SNAC_INST.LOG or SEPM_INST.LOG respectively.
  • When the installers are run from either the Push Deployment Wizard or when upgrades are deployed to client groups from the Symantec Endpoint Protection Manager the installer logs are automatically created in the %WINDIR%\temp folder (e.g. C:\WINDOWS\temp).
  • These installer logs are vital in determining installer failures.

Please have these logs available when contacting Symantec Support.

Note– Localized operating systems may have slightly different folders for the log files. You can resolve this by following the below steps:
  1. Click Start> Run
    • Type %TEMP% for the temp folder

    • %WINDIR%\temp for the windows temp folder.

  2. Please see the “Reading Installer logs” section below for more information.

BASIC MSI properties
REBOOT=REALLYSUPPRESS – During migration a reboot may be required. By suppressing a required reboot, full product functionality may not be available until a reboot has taken place. This may not be apparent on a silent install or migration as no user interface messages are displayed.

Install properties
RUNLIVEUPDATE= (1 = run LiveUpdate after install, 0 = do not run LiveUpdate after install, default = 1 run LiveUpdate after install)

ENABLEAUTOPROTECT= (1 = ON, 0 = OFF, Default is 1 = ON)

SYMPROTECTDISABLED= (0 = ON, 1 = OFF, Default is 0 = ON)

DISABLEDEFENDER= (1 = Disable Windows Defender, 0 = Do not disable Windows Defender, Default is 1 = Disable Windows Defender)

INSTALLDIR= (Install target directory, default is C:\Program Files\Symantec\Symantec Endpoint Protection)

CACHEINSTALL= (1 = Cache install, 0 = don't cache, Default is 1)

MIGRATESETTINGS= (0 = don't preserve setting, 1 = preserve all sygate firewall/network access settings, 2 = preserve SyLink.xml and logs only)

ADDSTARTMENUICON = (0 = do not add program to the Start Menu folder, 1 = add program to Start Menu folder, Default is 1)

SAV10UNINSTALLFIXRUN= (1 = already run, 0 = not yet run)
Upgrading SAV10.x or SCS3.x requires modification of the cached install package or the upgrade will fail. If SAV10.x or SCS3.x are detected, the install will abort unless the user is an administrator of the local machine. Setting this property to 1 disables this check.

Note: Enabling MSI to run with elevated privileges is not sufficient in this case. In addition to installing as a local administrator, the modification can be accomplished in two other ways:
  1. Temporarily grant users write access to the Windows\Installer directory for the duration of the upgrade.
  2. Run the tool Tools\Sav9UninstallFix under the credentials of an account with write access to Windows\Installer
  3. Execute the upgrade with the property SAV10UNINSTALLFIXRUN=1 on the command line.

Managed installation - SYLINK.XML
For a managed client, the SYLINK.XML file that is included with its installation defines the initial server that the client will contact for policy and other updates.

SETAID.INI is primarily used in installs exported from the Symantec Endpoint Protection Manager. The installation uses the following settings:

KeepPreviousSetting= (0 = Don't keep previous settings, 1 = Keep previous settings) Note: This settings pertains to Maintain existing settings in the package creation tab.
DestinationDirectory= (The installation path)
AddProgramIntoStartMenu= (0 = Don't an entry to the start menu, 1 = Add an entry to the start menu)

In section [LU_CONFIG]:
CONNECT_LU_SERVER= (0 = Don't run LiveUpdate at the end of the install - this overrides the RUNLIVEUPDATE property, 1 = Use the default behavior for running LiveUpdate)

In section [FEATURE_SELECTION], the following entry are valid:
SAVMain= (0 = Don't install feature, 1 = Install this feature)
EMailTools= (0 = Don't install feature, 1 = Install this feature)
OutlookSnapin= (0 = Don't install feature, 1 = Install this feature)
NotesSnapin= (0 = Don't install feature, 1 = Install this feature)
Pop3Smtp= (0 = Don't install feature, 1 = Install this feature)
ITPMain= (0 = Don't install feature, 1 = Install this feature)
Firewall= (0 = Don't install feature, 1 = Install this feature)
PTPMain= (0 = Don't install feature, 1 = Install this feature)
COHMain= (0 = Don't install feature, 1 = Install this feature)
DCMain= (0 = Don't install feature, 1 = Install this feature)

In section [UIRebootMode]
Valid values
0 - default will pop-up reboot with Y/N option if needs reboot
1 - display pop-up; do reboot when UI level is f,u or s
3 - no pop-up, no reboot when UI level is f,u,or s

Windows Security Center features
These properties allow for the configuration of the interaction between users and the Windows Security Center (WSC) running on Windows® XP Service Pack 2.

Note: These properties apply to unmanaged clients only.

WSCCONTROL= (0 = No action, 1 = Disable once, 2 = Disable always, 3 = Restore if disabled)
Allows an administrator of a non-managed network to configure the WindowsSecurityCenterControl value.

WSCAVALERT= (0 = Disable, 1 = Enable, Default is 0 = Disable)
Allows an administrator of a non-managed network to configure the AntiVirusDisableNotify value for Windows Security Center.

WSCAVUPTODATE= (Integer value between 1 and 90, Default is 30)
Allows an administrator of a non-managed network to configure the number of days used to determine if threat definitions are up to date for Windows Security Center.

DISABLEDEFFENDER = (0 = Does not disable Windows Defender, 1 = Disables Windows Defender)

Symantec Endpoint Protection Features
Core - Symantec Management Client, Symantec Network Access Control, and other components required for all installations.

SAVMain - AntiVirus and AntiSpyware Protection
    EMailTools - Antivirus Email Protection
      NotesSnapin - Lotus Notes Scanner
      OutlookSnapin - Microsoft Outlook Scanner
      Pop3Smtp - POP3/SMTP Scanner (not supported on 64-bit platforms)
    Rtvscan - required feature for AntiVirus support

    SymProtectManifest - required feature for AntiVirus support
PTPMain - Proactive Threat Protection
    COHMain - TruScan
    DCMain - Application and Device Control (not supported on 64-bit platforms
ITPMain - Network Threat Protection
    Firewall - Firewall and Intrusion Prevention

Note: The Pop3Smtp feature is not installed on Server OSes such as Windows 2003.

Important consideration when selecting features
As documented in our installation guide, we have a number of dependencies when it comes to the selection of features in the SEP client installation. Specifically: "COHMain and DCMain require two parents. COHMain is Proactive Threat Scan and requires PTPMain and SAVMain. DCMain, which is Application and Device Control, requires PTPMain and ITPMain."

The MSI installer will not compensate for these dependencies, and any lacking feature not only will result in a broken installation, but MSIEXEC will not return any fault condition on the missing components.

The diagram below shows the various dependencies:

Adding and removing features
To remove existing features:


To add new features:

ADDLOCAL=<feature1>,<feature2>,<feature3>, <existing feature 1>,
<existing feature 2>, etc.

Note: When adding new features using ADDLOCAL, any existing features on the target computer that you want to retain must be included or the installation will remove any features on the target computer that are not listed.

For instructions on how to silently remove Symantec Endpoint Protection:

Reading Installer logs
The common installer logs are SEP_INST.LOG, SNAC_INST.LOG, or SEPM_INST.LOG. These are standard MSI log files. You can search for an installer failure point by doing a text search for the string "value 3" (CTRL+F = find in Notepad). This is important in determining installer and migration failures, especially in silent scenarios. A small sample of common errors and messages are “This version of Symantec Endpoint Protection requires Internet Explorer 6 or later.” or “This version of Symantec Endpoint Protection does not support 64-bit platforms. Please install Symantec Endpoint Protection for Win64 instead.”

Note: Please have the installer log file and error message available when contacting Symantec Support.

Command line example
This example demonstrates a silent Symantec Endpoint Protection installation. LiveUpdate is not run, and the system is not restarted even if it is required.

Sample command lines:

To install unattended without a reboot and a log generated with the name "log.txt":

setup /s /v"/l*v log.txt /qn RUNLIVEUPDATE=0 REBOOT=REALLYSUPPRESS"

To silently remove email tools from a SEP client:
setup.exe /s /V"REMOVE=EMailTools /qn"

To silently remove the Firewall from a SEP client:
MsiExec.exe /I {product GUID from registry} /qn REMOVE="Firewall"

To silently add the Firewall to a SEP client:
MsiExec.exe /I{product GUID from registry} /qn ADDLOCAL="Firewall"

References:This document is available in the following languages:

  • print this documentDocument ID:2007101610183248
    Last Modified:07/20/2010

    rate this document
    Does this document answer your question?
    Maybe, need to test
    None of the above
    Is this document well written and easy to use?
    Submit specific suggestions to improve the quality of this document.

    Product(s): Endpoint Protection 11
    Operating Systems(s): Windows 2000 Professional, Windows 2000 Server/Advanced Server, Windows XP Home Edition, Windows XP Professional Edition, Windows Server 2003 Web/Standard/Enterprise/Datacenter Edition, Windows Vista, Windows XP Professional x64 Edition, Windows Server 2003 x64 Edition, Windows Vista x64 Edition
    Date Created: 10/16/2007
  •   © 1995-2014 Symantec Corporation. All rights reserved. feedback | legal notices | privacy policy