How to upgrade or migrate to Symantec Endpoint Protection 12.1.
To upgrade or migrate to Symantec Endpoint Protection 12.1, review the following information first:
- Upgrade order
- System requirements
- What's new
- Known Issues
- Supported migration paths
- Prepare Symantec Client Security or Symantec AntiVirus for migration
- Upgrade the Symantec Endpoint Protection Manager
- Manage product licenses
- Upgrade client software
System Requirements, Known Issues, What's New, and Supported Migration Paths
- The Known Issues documentation is continuously updated and should be thoroughly reviewed before performing the upgrade.
- These instructions apply to Enterprise and Small Business Editions, except where differences are noted. Some steps may be somewhat abbreviated. For more details at any point, please see the product implementation guides: Symantec Endpoint Protection Implementation Guide or Symantec Endpoint Protection Small Business Edition Implementation Guide.
See also Planning for Migration to Symantec Endpoint Protection Manager 12.1
Migration detects and migrates installations of the following Symantec legacy virus protection software:
• Symantec AntiVirus Corporate Edition 9.x and 10.x.
• Symantec Client Security 2.x and 3.x
• Symantec Endpoint Protection Small Business Edition 12.0
• Symantec Endpoint Protection 11.x *
• Symantec Sygate Enterprise Protection *
• Symantec AntiVirus for Mac *
* Legacy products marked with asterisk cannot be migrated to Small Business Edition. Also, you may migrate from a Small Business Edition to Enterprise version, but not the reverse.
NOTE: Migration of Symantec Endpoint Protection Manager 11 RU7 to 12.1 RTM is not supported. Migrations from 11.0 RU7 to 12.1 RU1 are supported. Migration of clients is supported in both versions.
If you need to know what versions of Symantec Endpoint Protection are installed on computers on your network, read the document Generating a list of the Symantec Endpoint Protection versions installed on the clients and servers in your network.
You may skip migration of legacy products as follows: Uninstall the legacy software from your computers. During Symantec Endpoint Protection Manager installation, cancel the migration option. After initial product installation, use Symantec Endpoint Protection Manager to adjust the group settings and policy settings, then deploy the Symantec Endpoint Protection client to the unprotected legacy computers.
Prepare Symantec Client Security or Symantec AntiVirus for migration
- Prepare Symantec Client Security or Symantec AntiVirus for migration: Disable scheduled scans, disable LiveUpdate, turn off Tamper Protection, turn off Roaming, Unlock server groups, and uninstall/delete Reporting servers.
- Migrate legacy group and policy settings using the Migration Wizard into an existing Symantec Endpoint Protection Manager (Start menu->Symantec Endpoint Protection Manager->Symantec Endpoint Protection Manager Tools->Migration Wizard).
- Verify migrated data.
- Import legacy license.
- Upgrade the Endpoint Protection Manager (if necessary), then deploy Endpoint Protection to legacy clients (see sections below).
Upgrade the Symantec Endpoint Protection Manager
- Back up the database.
- Turn off replication.
- If you have Symantec Network Access Control installed, enable local authentication.
- Remove any packages assigned to the client groups. In particular, if you have any packages with "Maintain existing client features when upgrading" unchecked, these packages must be removed. See Clients show "No Symantec protection technologies are installed" after migrating the SEPM from 11.x to 12.1
- If the setting "Protect client files and registry keys" is used, disable it from your Application and Device Control policy prior to the migration. WARNING: if this setting is not disabled you may face issues at a later stage when migrating your clients.
- Stop the Symantec Endpoint Protection Manager service on every management server in your site. After you upgrade, the service starts automatically. WARNING: If you do not stop the Symantec Endpoint Protection Manager service before you upgrade the server, you risk corrupting your existing Symantec Endpoint Protection database. NOTE: When you stop the management server service, clients can no longer connect to it. If clients are required to communicate with the management server to connect to the network, they are denied access until the management server service is restarted.
- Upgrade the Symantec Endpoint Protection Manager software. You must migrate all management servers before you migrate any clients. You are not required to restart the computer after migration, but you may notice performance improvements if you do. To migrate Symantec Sygate Enterprise Protection servers that use Host Integrity Policies or Enforcer protection, install the management server for Symantec Endpoint Protection first. Then, you repeat the installation procedure and install the management server for Symantec Network Access Control to gain access to the Host Integrity and Enforcer functionality
- Turn on replication after all Managers are upgraded.
Manage product licenses
Symantec Endpoint Protection 12.1 is licensed according to the number of Endpoint Protection clients that are needed to protect the endpoints at your site. Once the Symantec Endpoint Protection Manager is installed, you may immediately deploy clients. New Manager installations come with a trial license: you have 60 days to purchase and activate a license that covers all of your deployed clients. When migrating from an older version of Symantec Endpoint Protection (versions 11.x or 12.0), you start with an upgrade license that expires in 241 days. Note: Small Business Edition comes with a 30-day trial license, whether it is an upgrade or new installation.
- In the Symantec Endpoint Protection Manager console, click Admin, and then click Licenses.
- Under Tasks, click Activate license.
- Follow the instructions in the License Activation Wizard to complete the activation process.
Upgrade client software
NOTE: Clients that are Group Update Providers must be upgraded first (Group Update Providers are not a feature of Small Business Edition).
Review applicable steps in Steps to prepare computers to install Symantec Endpoint Protection 12.1 client, and choose from available methods to upgrade clients to Endpoint Protection 12.1:
• AutoUpgrade*--assign client packages to groups in the Manager console, either manually or by using the Upgrade Groups Wizard. Be sure that the SEPM is the same language as the package you are pushing and the client as this may cause AutoUpgrade to fail.
• Permit product updates in LiveUpdate Settings policy for a client group in the Manager console.*
• Local installation from product disc.
• Run the Client Deployment Wizard from the Manager console. It will walk you through the creation of a client package that can be deployed via a weblink and email, remote push, or saved for later local installation or deployment using third-party tools.
• For Symantec Endpoint Protection 12.1 Small Business Edition only, untick the check box "disable automatic client package updates". The function can be found in the SEPM SBE under Computers> right click on any group> properties.
* Methods marked with an asterisk are not available in Small Business Edition.