Prepare Endpoint Protection clients for cloning

Article ID: 180552

Products

Endpoint Protection

Issue/Introduction

You need to know the steps and the tools/utilities required to prepare Symantec Endpoint Protection (SEP) clients for cloning or for composing a VDI golden image.

Resolution

This document lists the best practices for cloning a SEP 14/14.2/14.3.x client in either a physical or a virtual environment. If you do not follow these best practices, cloned Endpoint Protection clients will have duplicate identifiers, which results in management problems and inaccurate reporting.

NOTE: For 14.3 RU6+, the ClientSideClonePrepTool has been replaced by the smc -image command. See the 14.3 RU6 section below.

Prepare clients for cloning using smc.exe (14.3 RU6 and above)

  1. Install the operating system, needed applications, and all relevant patches
  2. Install the Endpoint Protection client and update with the latest available definitions
  3. Open a command prompt using Run as Administrator and run the following: start smc -image

For Symantec Endpoint Security (SES) clients, see Installing Symantec Agent on a client device without automatically enrolling it.

These instructions are for Windows clients; for Macintosh clients, see Deploying Endpoint Protection for Mac as part of a drive image for cloning.

Prepare clients for cloning using ClientSideClonePrepTool (14.3 RU5 and Below)

  1. Install the operating system, needed applications, and all relevant patches
  2. Install the Endpoint Protection client and update with the latest available definitions
  3. Download and extract the tool for your client version: 14.3 RU4 and below - ClientSideClonePrepTool.zip; 14.3 RU5 - 1658944830786__ClientSideClonePrepTool_14_3_5.zip
  4. In SEP 14.0 RU1 and above, turn off the Application Hardening feature for this client, otherwise the clone prep tool might be blocked when Hardening Enforcement policies are applied
  5. Disable Tamper Protection or create a Tamper Protection Exception for the complete tool path: e.g. C:\TEMP\ClientSideClonePrepTool.exe
  6. Run ClientSideClonePrepTool.exe (You must be logged on as a Windows administrator.)

Note: For Windows 10 32-bit/64-bit, the ClientSideClonePrepTool.exe tool needs to be run with elevated privileges (e.g. "Run as administrator").

This tool removes all Symantec Endpoint Protection client identifiers and leaves the Symantec Endpoint Protection services stopped. Using this tool should be the last step in the image preparation process, before running Sysprep and/or shutting down the system. Shut down the system after running clone prep; do not restart. If the system or the Symantec Endpoint Protection client services are restarted, then new identifiers are generated and you must run the tool again before cloning.

Silently prepare clients for cloning using manual steps

The ClientSideClonePrepTool does not run silently, but you can script the following steps as a silent alternative. If you script these steps, you must disable Tamper Protection on the Symantec Endpoint Protection client.

  1. Run smc -stop
  2. Delete all instances of sephwid.xml and communicator.dat on the file system. Possible locations:
    • C:\
    • C:\Program Files\Common Files\Symantec Shared\HWID\
    • C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\Config
    • C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\PersistedData\
    • C:\ProgramData\Symantec\Symantec Endpoint Protection\PersistedData\
    • C:\Users\All Users\Symantec\Symantec Endpoint Protection\PersistedData
    • C:\Windows\Temp\
    • C:\Documents and Settings\*\Local Settings\Temp\
    • C:\Users\*\AppData\Local\Temp\
  3. Delete the following registry values:
    • HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink\ForceHardwareKey
    • HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink\HardwareID
    • HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink\HostGUID

      NOTE: On 64-bit systems, these values were moved to HKLM\SOFTWARE\Wow6432Node in Symantec Endpoint Protection 12.1 RU5. 14.3 RU5 and higher use the above keys because it is a native 64-bit client.
      NOTE: Tamper Protection must be disabled in policy before these values can be edited and cleared.
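
The manual steps above as a single PowerShell script. This is an added example, not Broadcom's code. It assumes `smc` resolves as it does for the article's own commands (the `-SmcExe` parameter is hypothetical) and that the Wow6432Node values sit under the same subkey path, and it only covers the file locations listed above.

```powershell
# Added example (not vendor code). Run elevated from 64-bit PowerShell, Tamper Protection disabled.
[CmdletBinding(SupportsShouldProcess)]
param(
    # Assumption: 'smc' resolves as it does for the article's commands;
    # otherwise pass the full path to smc.exe.
    [string]$SmcExe = 'smc'
)

# Step 1: stop the client so identifiers are not rewritten during cleanup.
if ($PSCmdlet.ShouldProcess($SmcExe, 'smc -stop')) {
    Start-Process -FilePath $SmcExe -ArgumentList '-stop' -Wait
}

# Step 2: identifier files in the locations the article lists ('*' = each profile).
$idFiles = 'sephwid.xml', 'communicator.dat'
$dirs = @(
    'C:\'
    'C:\Program Files\Common Files\Symantec Shared\HWID'
    'C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\Config'
    'C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\PersistedData'
    'C:\ProgramData\Symantec\Symantec Endpoint Protection\PersistedData'
    'C:\Users\All Users\Symantec\Symantec Endpoint Protection\PersistedData'
    'C:\Windows\Temp'
    'C:\Documents and Settings\*\Local Settings\Temp'
    'C:\Users\*\AppData\Local\Temp'
)
$targets = foreach ($dir in $dirs) {
    foreach ($name in $idFiles) { Join-Path $dir $name }
}
Get-ChildItem -Path $targets -Force -ErrorAction SilentlyContinue |
    Remove-Item -Force   # honors -WhatIf

# Step 3: registry values; assumption: the Wow6432Node copy uses the same subkey.
$subKey = 'Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink'
$values = 'ForceHardwareKey', 'HardwareID', 'HostGUID'
$keys   = "HKLM:\SOFTWARE\$subKey", "HKLM:\SOFTWARE\Wow6432Node\$subKey"
foreach ($key in $keys | Where-Object { Test-Path $_ }) {
    $present = (Get-Item -Path $key).Property   # value names under the key
    foreach ($v in $values | Where-Object { $present -contains $_ }) {
        Remove-ItemProperty -Path $key -Name $v
    }
}

# Verify: anything listed here survived and would be duplicated by cloning.
Get-ChildItem -Path $targets -Force -ErrorAction SilentlyContinue
foreach ($key in $keys | Where-Object { Test-Path $_ }) {
    (Get-Item $key).Property | Where-Object { $values -contains $_ } |
        ForEach-Object { "$key\$_" }
}
```

Save it as a script and run it with -WhatIf first to see what would be removed. An empty verify section after a real run means the image is ready to shut down (not restart) and capture.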

Note: Disable Tamper Protection when using smc -image.

Attachments

1658944830786__ClientSideClonePrepTool_14_3_5.zip
ClientSideClonePrepTool.zip