Upgrading and Migrating to the Latest Release of Symantec Endpoint Protection (SEP)

Learn how to update to the latest release of Symantec Endpoint Protection
Use this topic to upgrade to the latest release of SEP 14.x and take advantage of the new features. This information is specific to upgrading the software in environments where a compatible version of the product is already installed.
Before you upgrade, review the following information:
Process for upgrading
Symantec Endpoint Protection
Step 1: Download the latest version from the Broadcom Download Center
Before you upgrade the Symantec Endpoint Protection Manager (SEPM) and the Symantec Endpoint Protection clients, make sure you maximize the protection of your network during the upgrade by following these best practices:
  • Symantec recommends that you do not perform third-party installations simultaneous to the upgrade of Symantec Endpoint Protection. Installing third-party software that makes network- or system-level changes may cause undesirable results when you upgrade Symantec Endpoint Protection.
  • If possible, restart client computers before installing or upgrading Symantec Endpoint Protection.
  • If you migrate to Windows 10 at the same time as you upgrade from Symantec Endpoint Protection version 12.1.6 or earlier, you must migrate Symantec Endpoint Protection first. For more information, see Endpoint Protection Support for Windows 10.
  • Symantec recommends that you upgrade the entire network to the current version of Symantec Endpoint Protection, rather than manage multiple versions.
Step 2: Back up the database and prepare for disaster recovery
Back up the database, logs, and recovery file that
Symantec Endpoint Protection Manager
uses to ensure the integrity of your client data. These steps are different depending on your version.
Step 3: Stop the
Symantec Endpoint Protection Manager
You must manually stop the management server service on all sites before you install a newer version. The management server service stops the Syslog service or similar service that  runs on the SEPM and which could potentially lock SEPM files or folders and cause the upgrade to fail. After you upgrade, the management server automatically starts the service.
If the management server replicates with other management servers, make sure that replication does not occur during the period that you upgrade the SEPM and that the management server service is stopped.
Step 4: Upgrade the
Symantec Endpoint Protection Manager
Install the new version of
Symantec Endpoint Protection Manager
over the existing version on all sites in your network. The existing version is detected automatically, and all settings are saved during the upgrade.
If you enrolled a Symantec Endpoint Protection Manager domain into the ICDm cloud console (hybrid management) before the upgrade, the domain remains enrolled during the upgrade process. You can also enroll any domain after the upgrade.
Enrolling a domain in the cloud console from the Symantec Endpoint Protection Manager
Step 5: Upgrade Symantec client software
You do not need to uninstall previous clients before you install the new version. The over install process saves the client settings, and then upgrades the client to the latest version. You should first update a group with a small number of test computers before you update your entire production network.
If you use clients as Group Update Providers, you must upgrade them first. Upgrading Group Update Providers
Review the applicable steps in Preparing for client installation and Preparing Windows and Mac computers for remote deployment. Then choose from one of the available methods to upgrade clients: