Upgrade cloud-managed Symantec Agents to version 14.2 RU2 MP1 or later

With Broadcom’s recent announcement that the Symantec Enterprise Security business has officially joined Broadcom, we are committed to making this transition as smooth as possible for our customers.
Customers may encounter a loss of agent-to-cloud console communication depending on one of
two
scenarios:
  • You use the cloud-based Symantec Endpoint Security to manage your Symantec Agents.
  • You use Symantec Endpoint Security to manage your clients and policies when your on-premises Symantec Endpoint Protection Manager domains are enrolled in the cloud console.
You do not need to upgrade if:
  • You use the on-premises Symantec Endpoint Protection Manager entirely to manage your clients.
  • You do
    not
    use proxy servers in your cloud-managed environment.
If you do not upgrade, the agents will not communicate with the cloud console and cannot receive policy updates.
The following table covers each product configuration, the required upgrade version, and the deadline for completion:
Product
Version Required
Deadline
Cloud-Managed Symantec Agent
14.2 RU2 MP1
build 5569
(14.2.5569.2100) and later
May 4, 2020
Hybrid-Managed Symantec Endpoint Protection Manager
14.2 RU2 MP1
build 5569
(14.2.5569.2100) and later
May 4, 2020
Hybrid-Managed Symantec Agent
N/A
N/A
Hybrid-Managed Symantec Agent with App Isolation and App Control
14.2 RU2 MP1
build 5587
(14.2.5587.2100) and later
May 4, 2020
On-Premises-Managed Symantec Agent
N/A
N/A
For those customers experiencing issues, Broadcom will continue to assist you to receive support and remain entitled as we work through the transition.
Follow these two steps:
Step
Description
Step 1: Upgrade Cloud-Managed Symantec Agents to version 14.2 RU2 MP1 (build 14.2.5569.2100) or Hybrid-Managed Symantec Agents with App Isolation and App Control to version 14.2 RU2 MP1 (build 14.2.5587.2100).
If the System policy is already configured to upgrade Windows agents automatically on the latest or previous release channel, you do not have to do anything. Use this method if you have 5,000 or fewer Windows devices.
All devices must be restarted for the change to take effect.
Step 2: Add Symantec Endpoint Security URLs to the allow list if you use proxy servers
To allow URLs in either fully cloud-managed or hybrid-managed agents, you add them to the Allow List in Symantec Endpoint Security.
  1. Step 1:
    To upgrade Symantec Agents automatically, go to
    Endpoint
    >
    Policies
    >
    <policy name>
    System Policy
    .
  2. Under
    Client Upgrade Settings
    , turn on
    Allow Client Upgrade
    to enable it and select
    Show Advanced
    .
  3. Set the
    Release channel
    to either
    Previous release channel
    or
    Latest release channel
    .
  4. Select
    Save Policy
    and then
    Yes
    to apply the changes to the applied groups.
  5. To update Symantec Agents manually, in the cloud console, go to
    Endpoint
    >
    Devices
    >
    Managed Devices
    >
    Installation Package
    .
    Use the installation package creator, which then creates redistributable packages.
    For more information, see:
  6. To upgrade Symantec Endpoint Protection clients (hybrid-managed) manually, in the Symantec Endpoint Protection Manager, go to
    Clients
    >
    Install a client
    .
  7. Step 2:
    To add Symantec Endpoint Security URLs to the allow list, go to
    Endpoint
    >
    Policies
    >
    <policy name>
    Allow List Policy
    .
  8. In the Allow List policy, next to
    Excluded by Domain
    , select
    Add
    , add the following URLs one at a time, and select
    Add
    .
    us.spoc.securitycloud.symantec.com
    eu.spoc.securitycloud.symantec.com
    (add if you have devices in Europe).
  9. Select
    Save Policy
    and then
    Yes
    to update the policy and apply it to existing groups.