Configuring SEP 11.x for deployment as part of a drive image

Article: TECH110241  |  Created: 2008-01-18  |  Updated: 2014-10-08
Article Type
Technical Solution



You need to create a drive image with Symantec AntiVirus (SAV) or Symantec Endpoint Protection (SEP) already installed. These instructions are for Windows clients; for Macintosh clients see Deploying Symantec Endpoint Protection for Macintosh as part of a drive image.



Note that these steps are for Symantec Endpoint Protection version 11.x -- for SEP 12.1 instructions, see How to prepare a Symantec Endpoint Protection 12.1 client for cloning.

Warning: The following instructions call for modification of a registry key. Before making any modifications to the Windows Registry, Symantec recommends making a registry backup first.

Every installation of the Symantec Endpoint Protection Client creates a globally unique identifier (GUID) for that installation when the "Rtvscan" service first starts. If you use a computer with the Symantec Endpoint Protection client to create a drive image, and if that image is used to create clones of that computer on the same network, then each computer will have the same GUID. This can cause problems in the Symantec Endpoint Protection Manager (SEPM), such as the following:

  • Clients do not appear.
  • Clients randomly appear and disappear.

You can prevent these problems by creating a drive image that does not have a Symantec Endpoint Protection Client GUID.

  1. Install the operating system, and install all of the patches required. Do not install the Symantec Endpoint Protection Client.
  2. Install any other software that will be on the image, except the Symantec Endpoint Protection Client.
  3. Install the Symantec Endpoint Protection Client after all of the other installations are complete.
  4. Before you save the image, stop the Symantec Management Client (SmcService) and start the Registry Editor (regedit.exe).
  5. Locate and delete the following registry value:

    HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink\HardwareID
  6. Locate and delete the following file:

    C:\Program Files\Common Files\Symantec Shared\HWID\sephwid.xml
  7. Exit the Registry Editor. The hard drive is now prepared for imaging.
    Note: Do not restart SmcService or restart the computer into Windows.

  8. Create the image with your preferred disk imaging software.

When the computer starts again, SmcService checks for the GUID value, and when it determines that it does not exist, it generates a new one.

If you have computers that were already deployed with identical GUID values, you can delete the GUID value on each computer, as described above. This can be done with a batch file, a login script, or a group policy object.
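The cleanup in steps 4 through 6 can be scripted as follows. This is an added example, not Symantec code: the service name, registry value and file path are the ones given above, while the `-RestartService` switch and the backup location under `%TEMP%` are assumptions made for illustration.

```powershell
# Added example: removes the SEP 11.x client identity described in steps 4-6.
# Run from an elevated prompt. -RestartService is a hypothetical switch for
# already-deployed clients; never use it on the image master (see step 7).
param([switch]$RestartService)
$ErrorActionPreference = 'Stop'

$ServiceName = 'SmcService'
$SubKey      = 'SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink'
$ValueName   = 'HardwareID'
$HwidFile    = 'C:\Program Files\Common Files\Symantec Shared\HWID\sephwid.xml'
# Assumed backup location; a timestamp keeps reg.exe from prompting to overwrite.
$Backup      = Join-Path $env:TEMP ('SyLink-{0:yyyyMMddHHmmss}.reg' -f (Get-Date))

# Step 4: stop the management client and wait until it has really stopped.
$svc = Get-Service -Name $ServiceName
if ($svc.Status -ne 'Stopped') {
    Stop-Service -Name $ServiceName -Force
    $svc.WaitForStatus('Stopped', [TimeSpan]::FromSeconds(60))
}

# Back up the key before touching it, as the registry warning recommends.
& reg.exe export "HKLM\$SubKey" $Backup | Out-Null
if ($LASTEXITCODE -ne 0) { throw "Backup of HKLM\$SubKey failed; nothing was changed." }

# Step 5: delete only the HardwareID value, not the SyLink key itself.
$psKey = "HKLM:\$SubKey"
if (Get-ItemProperty -Path $psKey -Name $ValueName -ErrorAction SilentlyContinue) {
    Remove-ItemProperty -Path $psKey -Name $ValueName
}

# Step 6: delete the cached hardware ID file.
if (Test-Path -LiteralPath $HwidFile) {
    Remove-Item -LiteralPath $HwidFile -Force
}

# Verify that both identity artifacts are gone before reporting success.
$left = @()
if (Get-ItemProperty -Path $psKey -Name $ValueName -ErrorAction SilentlyContinue) { $left += $ValueName }
if (Test-Path -LiteralPath $HwidFile) { $left += $HwidFile }
if ($left.Count -gt 0) { throw "Still present: $($left -join ', ')" }
Write-Output "Client identity removed. Registry backup: $Backup"

# Deployed clients only: the service generates a new GUID when it next starts.
if ($RestartService) { Start-Service -Name $ServiceName }
```

On the image master, run it without the switch and capture the image without restarting SmcService or rebooting into Windows.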

