It is necessary to convert an unmanaged Symantec Endpoint Protection (SEP) for Macintosh client into a managed client.
Export communications settings (sylink.xml) from the target client group within the Symantec Endpoint Protection Manager (SEPM), then copy it to the Desktop of the Macintosh you wish to make managed.
In SEP 12.1 there is a SyLinkDrop tool you can use to copy the sylink.xml file to the SEP Macintosh client. This tool is installed along with the SEP Macintosh client in the Symantec folder: /Library/Application Support/Symantec/SMC/tools/SyLinkDrop. It can also be found in the product source files under \Tools\SylinkDrop\Mac but this version may not be as up-to-date as the one installed with the SEP client (See SyLinkDrop for Macintosh generates an error "Fail to replace Sylink file")
You must use the SyLinkDrop tool that matches your version. The tool from 12.1 RU4 and RU5 will not work to convert older SEP clients, and vice-versa. This is due to differences in the SEP master service that SyLinkDrop tries to restart after replacing the sylink.xml - see Technical Information below on how to manually stop/start the smclient or symdaemon.
- On the Macintosh where SEP is installed, navigate to /Library/Application Support/Symantec/SMC/tools/ and double-click on SyLinkDrop.
- Click "Browse" to browse for the sylink.xml file previously exported from the SEPM.
- Press "Update SyLink" to update. You will be prompted to input your admin password.
- If successful, you will see the message: "Replace SyLink File Successfully"
- Press "Exit" to close the application.
For all versions of SEP, you may also manually place the sylink.xml file into the appropriate folder on the Macintosh client computer per the following instructions:
- Open the Symantec Endpoint Protection Manager (SEPM) console.
- Click on the Clients tab, and then right-click on the group that the SEP for Mac client should reside in once converted to managed.
- Choose "Export Communications Settings", and when prompted, save the file to a location such as the Desktop. (Note: the file will have a long name prefaced with the group information. Please rename the file so that it is only called "sylink.xml".)
- On the client computer that's going to be converted to a managed client, for 12.1 RU2 and earlier stop the smcdaemon, and for 12.1 RU4 or RU5 stop the symdaemon (see Technical Information below).
- Copy the sylink.xml file to the client machine, pasting it into the following folder: /Library/Application Support/Symantec/SMC/
(See image below). NOTE: there are multiple Library folders on Mac systems, the correct one can be found in Finder>Go>Computer in the computer's hard drive.
- Reboot the computer, or restart the smcdaemon (or symdaemon) on the Macintosh.
If the SEPM console is not accessible, the sylink.xml file can be obtained using the instructions provided in the document 'How to change a Symantec Endpoint Protection client from unmanaged to managed in MR1 and MR2.' (see link below), substituting "Temporary" for the name of the group that the Macintosh client should join.
From Terminal command line:
For 12.1 RU2 and earlier, to stop and start the smcdaemon:
sudo /Library/StartupItems/SMC/smclient --stop (Note: There is a space after sudo and before --stop)
sudo /Library/StartupItems/SMC/smclient --start (Note: There is a space after sudo and before --start)
For 12.1 RU4 and newer, to stop and start the symdaemon:
sudo launchctl unload /Library/LaunchDaemons/com.symantec.symdaemon.*plist
sudo launchctl load /Library/LaunchDaemons/com.symantec.symdaemon.*plist
Note: when prefacing the command with sudo, you be prompted for your administrator password, which does not echo in the Terminal window. The asterisk in daemon pathnames will accommodate suffix variations - SEP 12.1.x uses .plist and SEP 14.0 uses .NFM.plist