Converting a Symantec Endpoint Protection managed client to a cloud-managed Symantec Agent using Host Integrity
You can convert your Symantec Endpoint Protection Manager-managed Symantec Endpoint Protection clients to cloud-managed Symantec Agents using a Host Integrity policy with a custom requirement. When you use this method, Broadcom provides a Host Integrity policy .dat file that you import and edit.
Step 1: Create and download a Symantec Agent installation package
Create a separate installation package for each device group.
- In the SES cloud console, create an installation package with the following settings:
- ForOperating System, selectWindows Workstation 64-bit.Note: The 64-bit package works for both 32-bit and 64-bit devices.
- Specify theDevice Group.
- ForInstallation Type, select either the defaultOnline installation packageorFull installation package creator. See:
- SelectAdvanced Optionsand select the following options:
- Server-optimized installation
- Install to the default installation folder
- On theSoftware removal settingspage, selectDo not uninstall existing software.
- On theRestart settingspage, selectNo restart.
- SelectDownload Package.
- Save each agent installation package to a web server that the clients that are to be migrated can access.
Step 2: Import a Host Integrity policy with a predefined custom requirement
On the Symantec Endpoint Protection Manager (SEPM), you import a Host Integrity policy that copies each Symantec Agent installation package from the web server to each device group. The policy's custom requirement then runs the Symantec_Agent_setup.exe file on each device and converts the Symantec Endpoint Protection client to a cloud-managed agent.
- Download the attachedMigrate_SEP_Client_to_ICDm.zipfile to your SEPM computer and extract the following .dat files:
- UseUpgrade SEP Client and Migrate to ICDm - online packageto upgrade an earlier version of the SEP client to a later version of the Symantec Agent and then migrating to cloud management. This installation package has theOnline installation packageoption selected.
- UseMigrate SEP Client to ICDm - full packagemigrate a SEP client to the same version of a Symantec Agent, and then migrating to cloud management. This installation package has theFull installation package creatoroption selected.
- In SEPM, clickPolicies>Host Integrity>Import a Host Integrity policyand import the appropriate.dat file.To add the custom requirement script from scratch, see:
- Open either theUpgrade SEP Client and Migrate to ICDmor theMigrate SEP Client to ICDmpolicy, clickRequirements, and double-click theMigrate SEP Client to ICDmcustom requirement:
- In theCustomized Requirementdialog box, double-clickFile: Download a Fileand change the URL to the web server where you copied the Symantec_Agent_setup.exe file.
- Double-clickUtility: Run a program, and change the path to where the Symantec Endpoint Protection client is installed.For theUpgrade SEP Client and Migrate to ICDm - online packagepolicy: If the client computer requires a password for installation, add it; otherwise remove the -p<password>.
- ClickOKand assign the policy to the appropriate group.
- Copy and paste either a duplicate policy or a duplicate requirement for each agent installation package that you created.
The Host Integrity policy is set to run after 30 minutes. After the policy runs and the Symantec Agent is installed, you may see the following message:
Step 3: Check that the agent connects to the cloud
After the devices restart, most clients connect to the Symantec Endpoint Security cloud console immediately. You can view the agent-to-cloud console connection status in both the on-premises SEPM and the SES cloud console.
- In SEPM, clickClients>Clientstab, and select one of the target client groups.
- The client'sHealth StateisOffline.
- Right-click the client and clickEdit Properties. TheDeployment statusand Deployment message displaysClient has been set to cloud management.After the record expires on SEPM, it is deleted.
- In the SES cloud console, go toDevices>Managed Devices. In theSecurity Statuscolumn, the status appears asAt Riskuntil the device restarts. However, you can manage the agent from the cloud console immediately.