Sunday, December 18, 2016

Symantec Endpoint Protection Block SCCM Office Updates

Recently I've got an issue with SCCM agent couldn't install any office update.
While investigating the issue, I saw other updates installed without any problem.
Looking at the event viewer reveal error 11406 - installation couldn't wright to Browser Helper Objects registry key:


After hours of searching, I saw the following policy in Symantec Endpoint Protection:


It looks like someone activate Prevent registration of new Browser Helper Objects under application and device control policy.
In order to resolve the issue, I created the following Registry Access Attempts condition to allow the installation to complete: