Upgrading client software with AutoUpgrade

Overview
AutoUpgrade lets you automatically upgrade the
Symantec Endpoint Protection
client software on the Windows or Mac clients in a group.
With AutoUpgrade, Windows standard clients receive a delta upgrade package that
Symantec Endpoint Protection Manager
creates. This package is smaller than the full installation package. Windows that are embedded or VDI clients always receive the full installation package. These clients do not maintain a copy of the installer in the installer cache. Mac clients always receive the full installation package.
AutoUpgrade Best Practices
Use the following best practices for using AutoUpgrade:
  • Test the AutoUpgrade process before you attempt to upgrade a large number of clients in your production network. If you do not have a test network, you can create a test group within your production network. For this kind of test, you add a few non-critical clients to the test group and then upgrade them by using AutoUpgrade.
  • To reduce bandwidth during peak hours, schedule AutoUpgrade for after hours in the
    Upgrade Clients with Package
    wizard, especially for client groups with reduced-size clients. For wide area networks, you should also set up the remote clients to receive the upgrade package from a remote web server.
  • As of 14.3 RU2, LiveUpdate downloads client installation packages with critical fixes or security fixes that you can install without a change to the client version. For example, if you had installed 14.3 RU2 build 4870, and 14.3 RU2 build 5200 becomes available, you use the AutoUpgrade wizard to install build 5200. You do not need to upgrade the management server; just the clients. You still must restart the client after each upgrade.
  • As of 14.3 RU2, both the Symantec Endpoint Protection clients and the Symantec Endpoint Protection Manager is localized in the following five languages only: English, French, Spanish, Portuguese, and Japanese. If you are using one of the five supported languages, no action is required; you can upgrade as usual. You can automatically upgrade the client language to English if the previous client's language is unavailable. If you choose a non-English language, the clients with an unsupported language do not get upgraded. This option is off by default. To enable this option, click
    Clients
    page >
    Install Packages
    page, click
    Add a Client Install Package
    >
    Upgrade to English if unsupported language is unavailable
    . This option applies to the Windows client only.
  • Since AutoUpgrade was first included in the Mac client with
    Symantec Endpoint Protection
    14, you cannot upgrade with AutoUpgrade from a version earlier than 14.
  • After you upgrade
    Symantec Endpoint Protection Manager
    , run LiveUpdate in the console at least once before you use AutoUpgrade to upgrade the clients.
  • AutoUpgrade can only install the Application Hardening feature (14.2 and later) on client computers when the following conditions are met:
    • You must enable
      Maintain existing client features when updating
      when you run
      Upgrade Clients with Package
      . This setting is enabled by default.
    • The client computer cannot have the Symantec Data Center Security agent installed.
    • The Virus and Spyware Protection feature is currently installed and selected for upgrade.
  • If you want to change between the Windows client installation types:
    Standard client
    ,
    Embedded or VDI
    ,
    Dark network
    , at a later time after client installation, you
    must
    first uninstall the existing client software, reconfigure these settings, and then reinstall the new client package. You cannot change this setting using AutoUpgrade.
Configuring the AutoUpgrade Wizard
  1. To upgrade client software with AutoUpgrade, in the console, click
    Admin
    >
    Install Packages
    .
  2. Under
    Tasks
    , click
    Upgrade Clients with Package
    .
  3. In the
    Upgrade Clients Wizard
    panel, click
    Next
    , select the appropriate client installation package, and then click
    Next
    .
  4. Select the group or groups that contain the client computers that you want to upgrade, and then click
    Next
    .
  5. Select from where the client should download the package from the following options:
    • To download from the
      Symantec Endpoint Protection Manager
      server, click
      Download from the management server
      .
    • To download from a web server that is local to the computers that need to update, click
      Download from the following URL (http or https)
      . Enter the URL of the client installation package into the provided field.
  6. Click
    Upgrade Settings
    to specify upgrade options.
  7. On the
    General
    tab, under
    Client Settings
    , choose from the following options, depending on the client operating system:
    • For Windows:
      • In the
        Select the version for this package
        to choose a build (as of 14.3 RU2).
      • Use the drop-down menus to select options for
        Maintain existing client features when updating
        and
        Install Settings
        . If you deselect
        Maintain existing client features when updating
        , you can optionally add or remove features when upgrading.
    • For Mac, use the drop-down menu to select options for
      Install Settings
      .
    • For Windows,
      Content Selection
      lets you include content in the installation package. If you include content, the package is larger, but the client has up-to-date content immediately after installation. If you do not include content, the package is smaller, but the client must get content updates after installation.
    You can also add an optional upgrade schedule. Without a schedule, the AutoUpgrade process begins after the wizard completes.
  8. On the
    Notification
    tab, customize the user notification settings.
    You can customize the message that is displayed on the client computer during the upgrade. You can also allow the user to postpone the upgrade.
  9. Click
    OK
    , and then click
    Next
    .
  10. In the
    Upgrade Clients Wizard Complete
    panel, click
    Finish
    .
  11. To confirm the version number of the client software, after the upgrade completes, you can check the version to confirm a successful upgrade in one of the following ways:
    • In the console, click
      Clients > Clients
      , select the appropriate group, and change the view to
      Client Status
      .
    • On the Windows client, in the
      Symantec Endpoint Protection
      client interface, click
      Help
      >
      About
      .
    • On the Mac client, open the
      Symantec Endpoint Protection
      client interface. In the menu bar, click
      Symantec Endpoint Protection
      > About
      Symantec Endpoint Protection
      .
The client computer must restart after the upgrade. By default, the clients restart after installation. You can configure the restart options in the group's general settings to control how the clients in a group restart after AutoUpgrade. You can also restart the clients at any time by running a restart command from the management server.
Configuring the Client Upgrade policy (Optional)
As of 14.3 RU3, you can upgrade a subset of the clients within a security group on different days for a measured rollout. You use the Client Upgrade policy and the following location conditions to target these subgroups: host name, user name, group name, whether a file exists, or operating system. For example, you can upgrade Windows 8 computers in the middle of the night when users are offline.
The Client Upgrade policy provides more granular schedule settings that overrides the upgrade schedule settings in the AutoUpgrade wizard. The policy retains all other AutoUpgrade wizard settings. You apply the Client Upgrade policy to the same group to which you apply the AutoUpgrade wizard.