Upgrade best practices for Endpoint Protection 14.x
The following resources help you to plan and perform an optimal upgrade to the current version of
Symantec Endpoint Protection(SEP). Follow the recommended best practices and be aware of any potential issues and risks.
Benefits of upgrading to the latest version
To get the latest security features, operating system support, and customer fixes, upgrade to the latest version. For information on what features each version offers, see:
Important information for the latest version
System requirements and release notes
Review carefully before you upgrade:
Before the upgrade, use the Symantec Diagnostic tool to determine whether the computers meet minimum system requirements.
If you plan to upgrade your operating system, be sure to first upgrade
Symantec Endpoint Protectionto a version that supports the operating system. Leaving an unsupported version of
Symantec Endpoint Protectionin place when you upgrade the operating system can have unexpected results.
Supported and unsupported upgrade paths
Make sure that the currently installed version can be migrated or upgraded to the new version. Review the following articles:
Important installation and upgrade information
Things to know before you get started
The following table lists the recommended routine maintenance tasks you should perform before you upgrade. Maintenance may include disk error checks, defragmentation of the hard drive, or other routine health checks.
Insufficient disk space
Ensure that that the management server enough disk space to perform the upgrade. For a successful
Symantec Endpoint Protection Managerupgrade, free space should be at least three times the size of the database. Consult the system requirements for the free space that is required to install the
Symantec Endpoint Protectionclient.
Ensure that you have made the proper exclusions to any peripheral firewall or proxy to ensure successful communication with all Symantec servers.
You may need to create additional scanning exclusions before you deploy the client upgrade.
Steps to upgrade
For general information on upgrading
Symantec Endpoint Protection, see Upgrading and Migrating to the Latest Release of Symantec Endpoint Protection (SEP).
For information on upgrading, see:
Back up before you upgrade
As a best practice, always back up the
Symantec Endpoint Protection Managerdatabase before an upgrade.
Upgrade Clients with Packagewizard to upgrade existing Windows and Mac clients.
You may want to schedule AutoUpgrade for after hours, due to possible bandwidth usage. You can stage client packages on a web server, and then run
Upgrade Clients with Package. There are alternate methods to deploy the upgrade package as well, such as through the Client Deployment Wizard.
Fresh install of Symantec Endpoint Protection Manager 14
You can use the Communication Update Package to connect existing clients, both 12.1.x and 14, to a new installation of the
Symantec Endpoint Protection Manager14. For example, if you decommission an existing server, and install
Symantec Endpoint Protection Managerto a new server instead. Create a new client installation setting that resets client-server communications settings, and then deploy the Communication Update Package in the same way as clients:
Help > Getting Started Page > Install the client software on your computers.
See About the Windows client installation settings. You can also reset the client-server communications settings for Mac computers with a client installation setting.
After the clients are connected, you can upgrade the clients with AutoUpgrade.
Symantec Endpoint Protectionclients can be used to protect virtual instances of the supported operating systems.
Symantec Endpoint Protection Managercan be installed and managed on virtual instances of the supported operating systems.
Symantec Endpoint Protectionincludes additional management options for virtual clients, such as Shared Insight Cache and a separate configuration option for purging offline non-persistant GVMs.
Disaster recovery preparation
Before you begin the upgrade, ensure that you have backed up the current
Symantec Endpoint Protection Managerinstallation using disaster recovery preparation techniques. If the upgrade then fails, you can restore the
Symantec Endpoint Protection Managerto functionality more quickly.
To recover an installation after a failure, due to database schema and other changes, you must reinstall using the exact version previously in use.
Frequently asked questions (FAQs)
Q: Where do I get the current version of
Symantec Endpoint Protection?
A: From the Broadcom Support Portal. See the following page for guidance:
Contact Technical Support for additional assistance: Symantec Endpoint Security
Q: How do I activate my license?
A: After you log on to
Symantec Endpoint Protection Manager, click
Help > Getting Started Page, under
Q: What are the upgrade methods? When should each method be used?
A: There are many methods available to upgrade clients. Second, decide which method is most appropriate for the situation. Every situation is different, so Symantec provides many different methods for accomplishing this goal:
- AutoUpgrade: Assign client packages to groups in the management console, either manually or by using theUpgrade Clients with Packagewizard.
- Local installation from the installation file or installation media.
- Run the Client Deployment Wizard from the management console. The Client Deployment Wizard walks you through the creation of a client package. You can then choose to deploy by emailing a web link to users, by a remote push. You can also save the package for local installation or with a third-party deployment tool.
Before you begin, ensure the client computers are ready to receive an upgrade package:
Q: What's the recommended migration order? What do I upgrade first in my environment?
A: The recommended order is to upgrade is as follows:
- Symantec Endpoint Protection Managers
- Group Update Providers
- The remaining clients as needed
Q: Can I continue to manage Windows 2000 and Symantec Endpoint Protection 11.x clients?
Q: How can I generate a list of Symantec Endpoint Protection versions installed in my environment?
A: Generate this list using