Upgrading to
Symantec Endpoint Security
from
Symantec Endpoint Protection

Contents

Upgrade to
Endpoint Security
from an earlier version if you are an existing
Symantec Endpoint Protection
customer and want to manage clients and policies entirely from the cloud.
Endpoint Security
offers flexible management options for hybrid-managed (Symantec Endpoint Protection 14.2) and fully cloud-managed versions.
For a checklist to upgrade, see:

Steps to upgrade to
Endpoint Security

Unlike the upgrade of an on-premises
Symantec Endpoint Protection
environment to a later version, you do not download
Symantec Endpoint Security
. Instead you use an auto-provisioned tenant in the Symantec Endpoint Security cloud console. If you have a sign in issue with the cloud tenant, please contact Broadcom customer support or your sales representative to purchase
Symantec Endpoint Security
.
Use this upgrade path for version 12.1.6 MP5 and later clients.
  1. Sign in to Symantec Endpoint Security.
  2. Create an installation package in the cloud console. See:
  3. Install the installation package on the devices that you want to manage with the cloud. You can also take specific steps to convert existing
    Symantec Endpoint Protection Manager
    client computers to cloud-managed devices. See:
  4. Export your policies from
    Symantec Endpoint Protection Manager
    , and then import them into
    Endpoint Security
    . See:
For more information, see:

Benefits of upgrading to Endpoint Security

With
Endpoint Security
, you can have a fully cloud-managed solution without needing to install an on-premises management server.
Endpoint Security
bypasses the
Symantec Endpoint Protection Manager
and manages the devices directly from the
Integrated Cyber Defense Manager
.
You can manage Antimalware, Intrusion Prevention, Firewall, Device Control, and Memory Exploit Mitigation from
Endpoint Security
. These policies replace the existing policies in
Symantec Endpoint Protection Manager
.
Endpoint Security
continues to add other policies, such as Host Integrity. In addition, with
Symantec Endpoint Security
Complete, you get additional features such as Secure Connection and Mobile Security.
For more information, see:
Some of the key features include:
  • Fully cloud-delivered service
  • Artificial Intelligence-guided security management
  • Product widgets and customized views
  • New reporting engines
For more information, see:

Should I wait to upgrade to
Symantec Endpoint Security
?

  • If you run 14.1 or later, are not enrolled in the cloud, and want to continue to use
    Symantec Endpoint Protection Manager
    , continue to upgrade the
    Symantec Endpoint Protection Manager
    on-premises versions. Do not migrate to
    Endpoint Security
    . See:
  • If you run 14.1 or later, are not enrolled in the cloud, but want to manage from the cloud, use
    Endpoint Security
    right away. Do not enroll a
    Symantec Endpoint Protection Manager
    domain in the cloud first.
  • If you run versions 14.1 or later and are already enrolled in the cloud, use your Symantec Security Cloud account to sign on to the
    Integrated Cyber Defense Manager
    . You can use
    Endpoint Security
    right away. You can manage existing 14.1 to 14.2 clients and new Symantec Agents that you deploy from the
    Endpoint Security
    .
  • If you run versions 12.1.6.x through 14.0, you can upgrade directly to
    Symantec Endpoint Security
    . You can import supported policies from
    Symantec Endpoint Protection Manager
    . See:
  • If you run versions 12.1 through 12.1.5, you cannot migrate directly to
    Endpoint Security
    . Instead, you use
    Endpoint Security
    right away.
  • Migration is blocked from
    Symantec Endpoint Protection
    version 11.x or
    Symantec Endpoint Protection
    Small Business Edition 12.0. You must first upgrade to version of 12.1.6.x, or uninstall the older
    Symantec Endpoint Protection Manager
    .
    Symantec Endpoint Protection Manager
    displays a warning for 11.x or 12.0 to 14 migrations. See:
For more information, see:
Symantec recommends using one of the following approaches to upgrade to this release:
  1. Upgrade all devices to the 14.2 RU1 client at one time.
  2. Upgrade critical devices on the on-premises 14.2.x
    Symantec Endpoint Protection Manager
    and upgrade non-critical and new devices to
    Endpoint Security
    . After you finalize your organization's cloud strategy and
    Endpoint Security
    has more feature parity with
    Symantec Endpoint Protection
    14.2, then upgrade all devices to
    Endpoint Security
    .

Important information for the latest version

The following table lists the latest operating system support, upgrade information, and steps to upgrade.
Best practices for upgrading
Issue
Description
System requirements and release notes
Supported and unsupported upgrade paths
  • Ensure that the currently installed version can be migrated or upgraded to the new version.
  • Endpoint Security
    supports the following policies on the Symantec Mac Agent: IPS and Antimalware.
  • Endpoint Security
    supports the following policies on the Symantec Linux Agent. See:
Client installation information
  • Endpoint Security
    and
    Symantec Endpoint Protection
    use the same client. In the on-premises
    Symantec Endpoint Protection Manager
    , it is called the
    Symantec Endpoint Protection
    client. In the cloud-managed
    Endpoint Security
    , it is called the Symantec Agent.
    Endpoint Security
    supports version 14.2 MP1 (14.2.2486.1000) and later clients.
    Endpoint Security
    does not support 14.1 and earlier clients.
  • You can install the Windows client directly over an earlier release. However, for the Mac client, you must manually uninstall the earlier version of the client first. Whether you install the Windows client or the Mac client, the client wipes out any settings that the clients get from
    Symantec Endpoint Protection Manager
    . See:
  • The installation process automatically enrolls each device in the cloud console, so that the client and the cloud console communicate with each other. The devices appear in the
    Default
    device group, unless otherwise specified.
  • Make sure that all potential clients have access to Symantec cloud resources, whether directly, by proxy for the devices, or by proxy for the clients.
  • Document which user-defined settings the on-premises
    Symantec Endpoint Protection
    clients use (such as in the Firewall and Exceptions policies) so that you can configure them in the cloud-managed client later. You cannot export these user-defined settings from the
    Symantec Endpoint Protection Manager
    for import to the
    Endpoint Security
    cloud console.
  • If you need to find the devices that do not have the client installed on them, you use a different process. You can use device discovery to find devices with no client installed, and then push enrollment to enroll/install the client. See:
  • If third-party security software already exists on your devices, you should remove it first before you install the Symantec agent. In the client installation package, select the software removal option called
    Automatically uninstall existing third-party security software
    . See:
  • Restart the devices after you install the Symantec agents.
  • To upgrade the Windows client to get new features each month, you set up the AutoUpgrade feature in the System Policy. To upgrade the Mac client, you reinstall the latest version of the Mac client.
    Endpoint Security
    plans to support AutoUpgrade for the Mac client. See:
  • You can get a rough idea of the number of clients you can enroll based on your organization's bandwidth and the bandwidth that each feature uses. See:
Upgrade information
  • As of Q3 2019, you cannot import client groups from earlier versions; you must recreate them as device groups. Devices with the client software are added automatically in the
    Default
    group. If you need more device groups, you create child groups, and move the devices from the
    Default
    group to the new groups. See:
  • You cannot apply an
    Endpoint Security
    policy to an enrolled 14.2 group.
  • You must open additional ports for client-to-cloud communication. See:
  • You cannot manage legacy 12.x clients after you install version 14.2 clients.
    Endpoint Security
    doesn't let you manage any features in
    Symantec Endpoint Protection Manager
    or any devices that
    Symantec Endpoint Protection Manager
    manages. Therefore, you can only continue to manage 12.x clients in a standalone environment until 12.1.6.x is no longer supported. At that point, you would have to upgrade all your agents to 14.x or
    Endpoint Security
    .

Frequently asked questions (FAQs)

Q: How does the cloud-managed
Endpoint Security
compare to the on-premises version 14.2.x and earlier?
You can view which features in
Endpoint Security
are equivalent to version 14.2.x and earlier, and which features are coming in the future. See:
Q: What is
Symantec Integrated Cyber Defense Manager
?
Integrated Cyber Defense Manager
is a security management console for the Symantec Integrated Cyber Defense platform that unifies many Symantec products across cloud and on-premises environments.
Integrated Cyber Defense Manager
provides a single point of control for policy management, monitoring, and reporting for these products. See:
Q: Should I start using
Symantec Endpoint Security
immediately?
It depends.
  • Existing customers who do not want to carry over their
    Symantec Endpoint Protection
    14.2 policies and want to create their policies from scratch can start using
    Endpoint Security
    immediately.
  • Existing customers (versions 14.0.1 through 14.2.x) who want to retain their
    Symantec Endpoint Protection Manager
    policies when they upgrade to
    Endpoint Security
    can now export them from
    Symantec Endpoint Protection Manager
    and import them in the cloud console. See:
  • New customers can start using
    Symantec Endpoint Security
    right away.
Q: Can I retain my
Symantec Endpoint Protection
14.2 policies in
Endpoint Security
?
You can import policies from
Symantec Endpoint Protection Manager
, as long as
Endpoint Security
has a cloud equivalent. For example, you cannot import the Integrations policy until the cloud supports it. Group migration from the on-premises
Symantec Endpoint Protection Manager
is planned for a future release. See:
Q: Can I have a mixed
Symantec Endpoint Protection
14 and
Symantec Endpoint Security
environment?
Yes. The simplest way to have both on-premises and cloud management is to have all cloud-managed devices managed by
Symantec Endpoint Security
and all on-premises managed devices managed by a
Symantec Endpoint Protection Manager
release between and including 14.0.1 and 14.2 RU1. You can still have visibility of both on-premises and cloud-managed devices and policies on
Integrated Cyber Defense Manager
.
Q: How often does
Endpoint Security
release new features?
Endpoint Security
releases new features and customer fixes about once a month as refreshes. The cloud console does not have a version number. However, the client version that you install and upgrade does change. See:
To find out what features are released each month, go to the
Endpoint
tab >
Settings
>
Product Updates
.
Q: Does my current license work on
Symantec Endpoint Security
?
A Symantec Endpoint Security Enterprise or Symantec Endpoint Security Complete license is required.
For
Symantec Endpoint Protection
14.0 and earlier, you obtain the serial number from the Broadcom portal. In the following article, follow the instructions in the section "How do I receive my
Symantec Endpoint Protection
14.x serial number?"
Q: If I use
Endpoint Security
for a period, can I go back to using
Symantec Endpoint Protection
?
Yes. If you migrate from
Symantec Endpoint Protection
to
Endpoint Security
, you can later revert back to managing with
Symantec Endpoint Protection Manager
. However, you must reinstall the management server if you uninstalled it. Make sure you make a backup of the database before you upgrade in case you need to perform disaster recovery later. See:
You can use the smc command to convert Windows clients back to management by
Symantec Endpoint Protection Manager
. See: