Converting a Symantec Endpoint Protection managed client to a cloud-managed Symantec Agent using Host Integrity

You can convert your Symantec Endpoint Protection Manager-managed Symantec Endpoint Protection clients to cloud-managed Symantec Agents using a Host Integrity policy with a custom requirement. When you use this method, Broadcom provides a Host Integrity policy .dat file that you import and edit.
Step 1: Create and download a Symantec Agent installation package
Create a separate installation package for each device group.
  1. In the SES cloud console, create an installation package with the following settings:
    1. For
      Operating System
      , select
      Windows Workstation 64-bit
      : The 64-bit package works for both 32-bit and 64-bit devices.
    2. Specify the
      Device Group
    3. For
      Installation Type
      , select either the default
      Online installation package
      Full installation package creator
      . See:
  2. Select
    Advanced Options
    and select the following options:
    1. Silent
    2. Server-optimized installation
    3. Install to the default installation folder
  3. On the
    Software removal settings
    page, select
    Do not uninstall existing software
  4. On the
    Restart settings
    page, select
    No restart
  5. Select
    Download Package
  6. Save each agent installation package to a web server that the clients that are to be migrated can access.
Step 2: Import a Host Integrity policy with a predefined custom requirement
On the Symantec Endpoint Protection Manager (SEPM), you import a Host Integrity policy that copies each Symantec Agent installation package from the web server to each device group. The policy's custom requirement then runs the Symantec_Agent_setup.exe file on each device and converts the Symantec Endpoint Protection client to a cloud-managed agent.
  1. Download the attached
    file to your SEPM computer and extract the following .dat files:
    • Use
      Upgrade SEP Client and Migrate to ICDm - online package
      to upgrade an earlier version of the SEP client to a later version of the Symantec Agent and then migrating to cloud management. This installation package has the
      Online installation package
      option selected.
    • Use
      Migrate SEP Client to ICDm - full package
      migrate a SEP client to the same version of a Symantec Agent, and then migrating to cloud management. This installation package has the
      Full installation package creator
      option selected.
  2. In SEPM, click
    Host Integrity
    Import a Host Integrity policy
    and import the appropriate.dat file.
    To add the custom requirement script from scratch, see:
  3. Open either the
    Upgrade SEP Client and Migrate to ICDm
    or the
    Migrate SEP Client to ICDm
    policy, click
    , and double-click the
    Migrate SEP Client to ICDm
    custom requirement:
  4. In the
    Customized Requirement
    dialog box, double-click
    File: Download a File
    and change the URL to the web server where you copied the Symantec_Agent_setup.exe file.
  5. Double-click
    Utility: Run a program
    , and change the path to where the Symantec Endpoint Protection client is installed.
    For the
    Upgrade SEP Client and Migrate to ICDm - online package
    policy: If the client computer requires a password for installation, add it; otherwise remove the -p
  6. Click
    and assign the policy to the appropriate group.
  7. Copy and paste either a duplicate policy or a duplicate requirement for each agent installation package that you created.
The Host Integrity policy is set to run after 30 minutes. After the policy runs and the Symantec Agent is installed, you may see the following message:
Step 3: Check that the agent connects to the cloud
After the devices restart, most clients connect to the Symantec Endpoint Security cloud console immediately.  You can view the agent-to-cloud console connection status in both the on-premises SEPM and the SES cloud console.
  1. In SEPM, click
    tab, and select one of the target client groups.
    1. The client's
      Health State
    2. Right-click the client and click
      Edit Properties
      . The
      Deployment status
      and Deployment message displays
      Client has been set to cloud management
      After the record expires on SEPM, it is deleted.
  2. In the SES cloud console, go to
    Managed Devices
    . In the
    Security Status
    column, the status appears as
    At Risk
    until the device restarts. However, you can manage the agent from the cloud console immediately.