We were working with a particularly problematic Symantec EndPoint Protection endpoint that always caused the user’s account to lock out when they came back into the office with their laptop.
The lockout would happen only after they had plugged into another network to gain access to the Internet. With the v11.x client we removed the Administrator Scan in the SEP Console on the management server and the problem went away.
But, once we replaced the backend and the client on this machine the lockout behaviour came back. Removing the Administrator Scan from the management console did not remove the lockout behaviour in this version as it had for v11.x.
So, we opened a case with Symantec and obtained a copy of the CleanWipe utility.
Once we ran the utility we said Yes to all of the options and then waited, and waited, and waited. The last warning indicated 30 minutes or more to run the registry clean-up be we were not getting anywhere after 2 hours.
In the end we needed to use Task Manager to kill ccSvcHst.exe process and then rename it in Windows Explorer as in the snip above. The CleanWipe process continued on from there by requesting a restart.
The whole process took 3 reboots to complete.
Once done we were able to install the SEP v12.x client.
Now, hopefully whatever was causing the lockout problem will be gone.
Microsoft Small Business Specialists
Co-Author: SBS 2008 Blueprint Book