Upgrading and Migrating to the Latest Release of Symantec Endpoint Protection (SEP)
Learn how to update to the latest release of Symantec Endpoint Protection.
Use this topic to upgrade to the latest release of SEP 14.x and take advantage of the new features. This information is specific to upgrading the software in environments where a compatible version of the product is already installed.
Before you upgrade, review the following information:
Step 1: Download the latest version from the Broadcom Download Center
For links and information, see:
Before you upgrade the Symantec Endpoint Protection Manager (SEPM) and the Symantec Endpoint Protection clients, make sure you maximize the protection of your network during the upgrade by following these best practices:
For more information, see:
Step 2: Back up the database and prepare for disaster recovery
Back up the database, logs, and recovery file that
Symantec Endpoint Protection Manageruses to ensure the integrity of your client data. These steps are different depending on your version. See:
Step 3: Stop the
Symantec Endpoint Protection Managerservice
You must manually stop the management server service on all sites before you install a newer version. The management server service stops the Syslog service or similar service that runs on the SEPM and which could potentially lock SEPM files or folders and cause the upgrade to fail. After you upgrade, the management server automatically starts the service.
If the management server replicates with other management servers, make sure that replication does not occur during the period that you upgrade the SEPM and that the management server service is stopped. See:
Step 4: Upgrade the
Symantec Endpoint Protection Managersoftware
Install the new version of
Symantec Endpoint Protection Managerover the existing version on all sites in your network. The existing version is detected automatically, and all settings are saved during the upgrade. See:
Enrolling a domain in the cloud console from the Symantec Endpoint Protection Manager
If you enrolled a Symantec Endpoint Protection Manager domain into the ICDm cloud console (hybrid management) before the upgrade, the domain remains enrolled during the upgrade process. You can also enroll any domain after the upgrade. See:
Step 5: Upgrade Symantec client software
You do not need to uninstall previous clients before you install the new version. The over install process saves the client settings, and then upgrades the client to the latest version. You should first update a group with a small number of test computers before you update your entire production network.
If you use clients as Group Update Providers, you must upgrade them first. See:
Review the applicable steps in the following topics:
Then choose from one of the available methods to upgrade clients: