This document contains answers to common questions about migrating from Symantec AntiVirus 10.x to Symantec Endpoint Protection 12.1.x.
What should I think about in advance before I begin migrating my Symantec AntiVirus environment to Symantec Endpoint Protection?
Consider several factors before you begin your migration:
- Do you have the resources to create a test migration environment?
Creating such an environment is highly beneficial before you begin migration so that you can test exactly how clients and servers are grouped, which settings are migrated, and the overall migration success rate.
- Can you perform a complete migration to Symantec Endpoint Protection?
If your network contains operating systems (such as Netware) that are not supported with Symantec Endpoint Protection, then Symantec System Center (and a primary antivirus server) must manage a subset of the clients and servers.
- Do you want to create new client groupings or use the existing groupings from Symantec System Center?
- How do you plan on migrating Symantec Endpoint Protection to your clients? Do you plan to use third party tools or the Migration and Deployment Wizard?
After you determine the method that you want to use to migrate your clients, you can determine whether to use certain Symantec Endpoint Protection features.
- Are there client settings that you must disable or reconfigure to ensure successful migration?
Some client settings such as scheduled scans must be disabled before you begin migration.
Before you begin migration, you must read the migration chapters in the Installation Guide for Symantec Endpoint Protection and Symantec Network Access Control.
What are the steps to migrating Symantec AntiVirus to Symantec Endpoint Protection?
For specific steps to migrate Symantec AntiVirus to Symantec Endpoint Protection, see the knowledge base article Migrating from Symantec Client Security or Symantec AntiVirus.
Should I install the Symantec Endpoint Protection Manager console on the same computer as Symantec System Center?
You can install the Symantec Endpoint Protection Manager console on the same computer as Symantec System Center, but it is not required. If you plan on managing a large number of legacy Symantec clients, a best practice is not to install the Symantec Endpoint Protection Manager console on the same computer that runs Symantec System Center to avoid performance and communication problems.
Do I need to create a completely new infrastructure after migrating to Symantec Endpoint Protection Manager?
No. You can reuse the infrastructure that you created for Symantec System Center. During the migration process, you are asked how your clients inherit settings: whether from their server group or parent management server. The option you choose affects how legacy clients and servers appear in the Symantec Endpoint Protection Manager console based on the previous Symantec System Center infrastructure.
Are all client settings migrated?
No. Tamper Protection settings are not migrated. Tamper Protection settings are included in the client general settings rather than the AntiVirus and AntiSpyware policy. Also, you must reconfigure the settings that you disabled for migration, such as scheduled scans, LiveUpdate, and Quarantine purge.
Previously, migrating to newer versions of Symantec AntiVirus required a full product installation, which stressed bandwidth limitations over WAN links.
Have there been any changes in this process to limit the problems with bandwidth?
With Symantec Endpoint Protection, you can create installation packages that contain only the components that are necessary for the targeted clients. Additionally, you can stagger client deployments to minimize performance issues in your network.
Do I need to restart the Symantec Endpoint Protection client after migration?
A restart is not required, but the computers that are not restarted after migration are protected with only AntiVirus/AntiSpyware features. You must perform a restart to protect your computers with firewall features.
What versions of Symantec AntiVirus/Symantec Client Security can I migrate to Symantec Endpoint Protection?
Symantec Endpoint Protection 12.1.2 and later supports migration from Symantec AntiVirus 10.x (including Symantec AntiVirus 10.2 for Windows Vista) or Client Security 3.x.
Symantec Endpoint Protection 12.1 (12.1 RTM) through 188.8.131.52 (12.1 RU1 MP1) supports migration from Symantec AntiVirus 9.x or later, and Symantec Client Security 2.x or later.
Can I migrate Symantec AntiVirus 8.x and Symantec Client Security 1.x or older versions?
No. The client installation routine blocks the migration for these unsupported versions. You must uninstall the older version, then install Symantec Endpoint Protection. Before you do so, you should ensure that Symantec Endpoint Protection supports the operating system platform. If Symantec Endpoint Protection does not support the operating system, you may want to continue using Symantec System Center to manage these clients, or consider an upgrade to a supported operating system.
What happens if the migration fails?
If the migration fails, you can analyze the installation log to determine why it failed. The Windows Installer and Migration and Deployment Wizard create log files that can be used to verify whether or not an installation was successful. The log files list the components that were successfully installed, and provide a variety of details that are related to the installation package. If the installation is not successful, an entry indicates that the installation failed. Typically, look for Value 3 to find failures. The log file (vpremote.log) that is created when you use the Migration and Deployment Wizard is located in the \\Windows\temp directory.
Are exclusions migrated?
Yes. During migration, when you select to inherit settings from the server group or parent management server, those exclusion settings are migrated to centralized exceptions in the Symantec Endpoint Protection Manager console. If you migrate clients individually by running the installation on the local client, client exclusion settings are not migrated.
Is there a report that shows me migration progress?
Yes. You can run a report from the Reports Page. Choose Computer Status as the Report Type, and select Client Migration as the report to run. The following information is available:
- Client Migrations by Group
- Migrated Clients that were kept in the Same Group
- Clients Waiting to Migrate
How long does it take to migrate my environment?
The answer to this question varies. Symantec recommends that you create a test environment where you can understand and become proficient with how migration works, i.e. which settings to configure before migrating, how policies are migrated, and where they appear in the Symantec Endpoint Protection Manager console. After you become comfortable with Symantec Endpoint Protection Manager and how Symantec AntiVirus policies are translated in the new environment, you should perform migration in stages to ensure that your network remains protected.
Are there any best practices for migration?
The following are best practices for migrating Symantec AntiVirus to Symantec Endpoint Protection
- Perform a site survey to determine which clients should be migrated to Symantec Endpoint Protection, and which clients should continue running Symantec AntiVirus.
- Create a migration test environment where you can test migration procedures and results before you run the migration in your production environment.
- If you have a large number of legacy Symantec AntiVirus clients and servers to manage, install the Symantec Endpoint Protection Manager on a different computer than the one running Symantec System Center.
You should refer to the Installation Guide for Symantec Endpoint Protection and Symantec Network Access Control for more information on migration best practices.
What kind of success rate should I expect when migrating from Symantec AntiVirus to Symantec Endpoint Protection?
The more thorough that you perform pre-migration analysis and tasks, the better your success rate during migration. For example, if you ensure that scheduled scans are disabled on your clients, the chance that those clients migrate successfully increases. Additionally, if you create a migration test environment before you migrate to your production environment, you can greatly increase the migration success rate of your clients.
If supported versions of Sygate and Symantec AntiVirus are installed on the same computer, does a migration to Symantec Endpoint Protection upgrade both products?
Yes. As long as both Sygate and Symantec AntiVirus versions can be migrated. Only Symantec Endpoint Protection 12.1 (12.1 RTM) through 184.108.40.206 (12.1 RU1 MP1) support the migration from Sygate 5.1 or earlier.