Symantec Endpoint Protection Block SCCM Office Updates

Recently I’ve got an issue with SCCM agent couldn’t install any office update.
While investigating the issue, I saw other updates installed without any problem.
Looking at the event viewer reveal error 11406 – installation couldn’t wright to Browser Helper Objects registry key:

After hours of searching, I saw the following policy in Symantec Endpoint Protection:

It looks like someone activate Prevent registration of new Browser Helper Objects under application and device control policy.
In order to resolve the issue, I created the following Registry Access Attempts condition to allow the installation to complete:

Leave a Reply

Your email address will not be published. Required fields are marked *