The following steps should be taken on all computers on which you install the client.
To prepare your computers for installation
Uninstall third-party virus protection software. Symantec does not recommend that you run two virus protection programs on the same computer. The programs can affect the performance and effectiveness of Symantec Endpoint Protection Small Business Edition.
Follow your company's software removal procedure to uninstall your third-party virus protection programs. For example, you can use the Windows Add or Remove Programs tool to uninstall the programs.
See your third-party documentation for information about uninstalling the virus protection programs.
See your Windows documentation for information about the Add or Remove Programs tool.
Uninstall your Symantec legacy virus protection software if you do not plan to migrate the settings.
See your Symantec documentation for information on uninstalling the legacy virus protection software.
Set administrative rights to your client computers. To install the client software, you need administrative rights to the computer or to the Windows domain. If you do not want to provide users with administrative rights to their computers, use Remote Push Installation to remotely install the client software. Remote Push Installation requires you to have local administrative rights to the computers.
Client installation upgrades the MSI to version 3.1, which requires administrative rights. If all your computers are upgraded to MSI 3.1, your users only require elevated privileges to install the client.
Preparing for remote deployment Remote deployment requires some additional steps in order to ensure successful deployment. These steps require knowledge of how to configure Windows firewalls.
Preparing firewalls for remote deployment Windows firewalls can interfere with remote client installation and deployment. In order to prevent interference, you must configure firewalls to send and receive traffic on specific TCP ports, and you must disable Windows Firewall on Windows XP, Windows Server 2003, or Windows Server 2008.
To permit servers to send and receive traffic on Symantec Endpoint Protection TCP ports
Permit the server to send traffic from TCP ports 1024-5000 to tcp ports 139 and 145 on the clients. Stateful inspection permits the return traffic automatically.
Permit the clients to receive traffic from the server TCP ports 1024-5000 on TCP port 139. You must permit the clients to send traffic from TCP port 139 to TCP ports 1024-5000 on the server.
For legacy communications, open UDP port 2967 on all computers.
To configure Windows Firewall If your computers run Windows XP, Windows Server 2003, or Windows Server 2008, perform one of the following tasks:
Disable Windows Firewall on the computers.
Leave Windows Firewall enabled, and configure the firewall rules to open ports to permit deployment.
Note: On Windows XP with Service Pack 1, the Windows firewall is called Internet Connection Firewall.
Imported Document ID: TECH91144
Subscribing will provide email updates when this Article is updated. Login is required.