Upgrading client software with AutoUpgrade
AutoUpgrade lets you automatically upgrade the
Symantec Endpoint Protectionclient software on the Windows or Mac clients in a group.
With AutoUpgrade, Windows standard clients receive a delta upgrade package that
Symantec Endpoint Protection Managercreates. This package is smaller than the full installation package. Windows that are embedded or VDI clients always receive the full installation package. These clients do not maintain a copy of the installer in the installer cache. Mac clients always receive the full installation package.
AutoUpgrade Best Practices
Use the following best practices for using AutoUpgrade:
- Test the AutoUpgrade process before you attempt to upgrade a large number of clients in your production network. If you do not have a test network, you can create a test group within your production network. For this kind of test, you add a few non-critical clients to the test group and then upgrade them by using AutoUpgrade.
- To reduce bandwidth during peak hours, schedule AutoUpgrade for after hours in theUpgrade Clients with Packagewizard, especially for client groups with reduced-size clients. For wide area networks, you should also set up the remote clients to receive the upgrade package from a remote web server.
- As of 14.3 RU2, LiveUpdate downloads client installation packages with critical fixes or security fixes that you can install without a change to the client version. For example, if you had installed 14.3 RU2 build 4870, and 14.3 RU2 build 5200 becomes available, you use the AutoUpgrade wizard to install build 5200. You do not need to upgrade the management server; just the clients. You still must restart the client after each upgrade.
- As of 14.3 RU2, both the Symantec Endpoint Protection clients and the Symantec Endpoint Protection Manager is localized in the following five languages only: English, French, Spanish, Portuguese, and Japanese. If you are using one of the five supported languages, no action is required; you can upgrade as usual. You can automatically upgrade the client language to English if the previous client's language is unavailable. If you choose a non-English language, the clients with an unsupported language do not get upgraded. This option is off by default. To enable this option, clickClientspage >Install Packagespage, clickAdd a Client Install Package>Upgrade to English if unsupported language is unavailable. This option applies to the Windows client only.
- Since AutoUpgrade was first included in the Mac client withSymantec Endpoint Protection14, you cannot upgrade with AutoUpgrade from a version earlier than 14.
- After you upgradeSymantec Endpoint Protection Manager, run LiveUpdate in the console at least once before you use AutoUpgrade to upgrade the clients.
- AutoUpgrade can only install the Application Hardening feature (14.2 and later) on client computers when the following conditions are met:
- You must enableMaintain existing client features when updatingwhen you runUpgrade Clients with Package. This setting is enabled by default.
- The client computer cannot have the Symantec Data Center Security agent installed.
- The Virus and Spyware Protection feature is currently installed and selected for upgrade.
- If you want to change between the Windows client installation types:Standard client,Embedded or VDI,Dark network, at a later time after client installation, youmustfirst uninstall the existing client software, reconfigure these settings, and then reinstall the new client package. You cannot change this setting using AutoUpgrade.
Configuring the AutoUpgrade Wizard
- To upgrade client software with AutoUpgrade, in the console, clickAdmin>Install Packages.
- UnderTasks, clickUpgrade Clients with Package.
- In theUpgrade Clients Wizardpanel, clickNext, select the appropriate client installation package, and then clickNext.
- Select the group or groups that contain the client computers that you want to upgrade, and then clickNext.
- Select from where the client should download the package from the following options:
- To download from theSymantec Endpoint Protection Managerserver, clickDownload from the management server.
- To download from a web server that is local to the computers that need to update, clickDownload from the following URL (http or https). Enter the URL of the client installation package into the provided field.
- ClickUpgrade Settingsto specify upgrade options.
- On theGeneraltab, underClient Settings, choose from the following options, depending on the client operating system:
You can also add an optional upgrade schedule. Without a schedule, the AutoUpgrade process begins after the wizard completes.
- For Windows:
- In theSelect the version for this packageto choose a build (as of 14.3 RU2).
- Use the drop-down menus to select options forMaintain existing client features when updatingandInstall Settings. If you deselectMaintain existing client features when updating, you can optionally add or remove features when upgrading.
- For Mac, use the drop-down menu to select options forInstall Settings.
- For Windows,Content Selectionlets you include content in the installation package. If you include content, the package is larger, but the client has up-to-date content immediately after installation. If you do not include content, the package is smaller, but the client must get content updates after installation.
- On theNotificationtab, customize the user notification settings.You can customize the message that is displayed on the client computer during the upgrade. You can also allow the user to postpone the upgrade.
- ClickOK, and then clickNext.
- In theUpgrade Clients Wizard Completepanel, clickFinish.
- To confirm the version number of the client software, after the upgrade completes, you can check the version to confirm a successful upgrade in one of the following ways:
- In the console, clickClients > Clients, select the appropriate group, and change the view toClient Status.
- On the Windows client, in theSymantec Endpoint Protectionclient interface, clickHelp>About.
- On the Mac client, open theSymantec Endpoint Protectionclient interface. In the menu bar, click.Symantec Endpoint Protection> AboutSymantec Endpoint Protection
The client computer must restart after the upgrade. By default, the clients restart after installation. You can configure the restart options in the group's general settings to control how the clients in a group restart after AutoUpgrade. You can also restart the clients at any time by running a restart command from the management server.
Configuring the Client Upgrade policy (Optional)
As of 14.3 RU3, you can upgrade a subset of the clients within a security group on different days for a measured rollout. You use the Client Upgrade policy and the following location conditions to target these subgroups: host name, user name, group name, whether a file exists, or operating system. For example, you can upgrade Windows 8 computers in the middle of the night when users are offline.
The Client Upgrade policy provides more granular schedule settings that overrides the upgrade schedule settings in the AutoUpgrade wizard. The policy retains all other AutoUpgrade wizard settings. You apply the Client Upgrade policy to the same group to which you apply the AutoUpgrade wizard.