Add or remove features to existing Endpoint Protection clients

Article:TECH90936  |  Created: 2008-01-18  |  Updated: 2014-11-24  |  Article URL http://www.symantec.com/docs/TECH90936
Article Type
Technical Solution


Issue



This article describes how to add features to, or remove features from, existing Symantec Endpoint Protection (SEP) clients without uninstalling and re-installing them. For example, only virus and spyware protection is installed on the clients, and now it is necessary to add Network Threat Protection (NTP), Proactive Threat Protection (PTP), Intrusion Prevention System (IPS) or Application and Device Control (ADC).

SEP's PTP, Firewall, and IPS components can effectively block an attacker who is able to compromise a computer defended by SEP's antivirus alone. For more information, watch Blocked by Symantec Endpoint Protection.


Solution



Managed clients

For managed clients, the installation features can be modified for an entire group through the SEPM (enterprise edition only).

  1. In the SEPM console, click Admin.
  2. Click Install Packages on the bottom.
  3. Click Client Install Feature Set on the top.
  4. If a feature set that meets the required needs does not exist, then choose Add Client Install Feature Set.
  5. Give the feature set a unique name.
  6. Select the features needed: Antivirus/Antispyware, Network Threat Protection, Proactive Threat Protection.
  7. Choose OK.
  8. On the left, click Clients.
  9. Select the group with the SEP clients in it, and then click the Install Packages tab in the right pane.
  10. Under Tasks, choose Add Client Install Package.
  11. In that screen, select the correct package in the drop down menu for use with this group (32 bit or 64 bit base install files). Both packages can be separately assigned to the same group.
  12. Uncheck Maintain existing client features when updating.
  13. Below that, select the feature set needed from the dropdown menu.
  14. If Upgrade Schedule is not selected, then clients will receive the instructions to change their installation when they check in with the manager. This launches MSIEXEC on the client.
  15. After the installation completes, a restart is required if the change installs or uninstalls Network Threat Protection.

Unmanaged and individual clients

For unmanaged clients, or to change a managed client on an individual basis local to that managed client, use Add or Remove Programs (or Programs and Features) to change the installation.

Note: If the client resides in a group that has had a feature set assigned to it, it will revert to that feature set upon the next successful heartbeat.

  1. Open Add or Remove Programs.
  2. Select Symantec Endpoint Protection, and then click Change.
  3. Click Next.
  4. Select Modify, and click Next.
  5. Use the drop-down menus next to the individual component to either "This feature will be installed...", "This feature, and all subcomponents, will be installed...", or "This feature will not be available."
  6. Click Next.
  7. Click Install to modify the installation.
  8. After the installation completes, a restart is required if the change installs or uninstalls Network Threat Protection.

Network overhead considerations

As each existing SEP client already contains all components (whether or not they are installed) and the version is not being upgraded, no installation files are actually sent over the network. No network bandwidth or traffic spikes should occur when changing the installed feature set.

Best practices

Because of the rise of drive-by threats and compromises of trusted Web sites, Symantec strongly recommends running Intrusion Prevention System (IPS) on all clients. For more information, read Intrusion Prevention System technology best practices.

Maximize protection

Administrators sometimes deploy SEP with only the traditional signature-based AntiVirus component. The additional optional components (Network Threat Protection, Intrusion Prevention System, Application and Device Control, Proactive Threat Protection) greatly enhance SEP’s ability to defend against today’s sophisticated threats. SEP 12.1’s Insight technology is particularly effective against the very latest threats for which no AntiVirus signatures yet exist. Unless there is a compelling reason to, each of these additional components should be deployed throughout the organization.




Legacy ID



2008111808135348


Article URL http://www.symantec.com/docs/TECH90936


Terms of use for this information are found in Legal Notices