How to add or remove features to existing Symantec Endpoint Protection (SEP) client installations

Article:TECH90936  |  Created: 2008-01-18  |  Updated: 2014-01-03  |  Article URL http://www.symantec.com/docs/TECH90936
Article Type
Technical Solution


Issue



How to add features to, or remove features from, existing SEP clients without uninstalling and reinstalling the clients.  For example, only virus and spyware protection is installed on the clients, and now it is necessary to add Network Threat Protection (NTP), Proactive Threat Protection (PTP), Intrusion Prevention System (IPS), and Application and Device Control (ADC).


Solution



For managed clients, the installation features can be modified for an entire group through the Symantec Endpoint Protection Manager (Enterprise Edition).

To modify installed features for managed clients

  1. In Symantec Endpoint Protection Manager (SEPM), click Admin.
  2. Click Install Packages on the bottom.
  3. Click Client Install Feature Set on the top.
  4. If a feature set that meets the required needs does not exist, then choose Add Client Install Feature Set.
  5. Give the feature set a unique name.
  6. Select the features needed (Antivirus/Antispyware, Network Threat Protection, Proactive Threat Protection).
  7. Choose OK.
  8. On the left, click Clients.
  9. Select the group with the SEP clients in it, and then click the Install Packages tab in the right pane.
  10. Under Tasks, choose Add Client Install Package.
  11. In that screen, select the correct package in the drop down menu for use with this group (32 bit or 64 bit base install files). Both packages can be separately assigned to the same group.
  12. Uncheck Maintain existing client features when updating.
  13. Below that, select the feature set needed from the dropdown menu.
  14. If Upgrade Schedule is not selected, then clients will receive the instructions to change their installation when they check in with the manager. This launches MSIEXEC on the client.
  15. After the installation completes, a restart is required if the change installs or uninstalls Network Threat Protection.

 

For unmanaged clients, or to change a managed client on an individual basis local to that managed client, use Add or Remove Programs (or Programs and Features) to change the installation. Note: if the client resides in a group that has had a feature set assigned to it, it will revert to that feature set upon the next successful heartbeat.

To modify installed features for an individual client

  1. Open Add or Remove Programs.
  2. Select Symantec Endpoint Protection, and then click Change.
  3. Click Next.
  4. Select Modify, and click Next.
  5. Use the drop down menus next to the individual component to either "This feature will be installed...", "This feature, and all subcomponents, will be installed...", or "This feature will not be available."
  6. Click Next.
  7. Click Install to modify the installation.
  8. After the installation completes, a restart is required if the change installs or uninstalls Network Threat Protection.

 

Technical Information

Network overhead considerations

As each existing SEP client already contains all components (whether or not they are installed) and the version is not being upgraded, no installation files are actually sent over the network. No network bandwidth or traffic spikes should occur when changing the installed feature set.

Best practices
Because of the rise of drive-by threats and compromises of trusted Web sites, Symantec strongly recommends running Intrusion Prevention System (IPS) on all clients. For more information on this subject, read the document Best Practices regarding Intrusion Prevention System technology.

Maximize Protection

Administrators sometimes deploy SEP with only the traditional signature-based AntiVirus component.  The additional optional components (Network Threat Protection, Intrusion Prevention System, Application and Device Control, Proactive Threat Protection) greatly enhance SEP’s ability to defend against today’s sophisticated threats.  SEP 12.1’s Insight technology is particularly effective against the very latest threats for which no AntiVirus signatures yet exist.  Unless there is a compelling reason to, each of these additional components should be deployed throughout the organization.




Legacy ID



2008111808135348


Article URL http://www.symantec.com/docs/TECH90936


Terms of use for this information are found in Legal Notices