Endpoint Protection

Which is the best way to perform a migration of the Symantec System Center configuration to Symantec Endpoint Protection?

instal SEPM on another server , run Migration and deployment Wizard. Select the Migrate from Symantec AntiVirus.

Pete!

Do you really need to migrate your settings from SSC to SEP?
These two products are very different in their logic, migrating the settings works very well but the translation process is not so clear and this could disturb you in learnig how to use the new product and how it works.
For the above reasons, I generally suggest to start with a fresh SEP Manager installation especially in small and medium companies where the SSC does not have really complicate settings that needs to be saved.
If you really need to save your settings, you can find more details about the migration process in the installation_guide.pdf, you will find two possible settings translation... it is up to you select what fits better your situation.
In ANY case, you have to follow the "Preparation of legacy products for migration" chapter. It means you have to change some settings in your SAV 10 clients via the SSC to help the over installation with SEP 11.

If your server has enough resources, you can install SEPM in the same machine where SSC is installed. They can run together during the migration of the clients.

Hi,

      As rightly suggested you can install the endpoint manager console on the same machine on which SSC is installed however please do remember that in case of end point each machine is a client and you need to install endpoint client on the server on which you install the SEPM(Symantec Endpoint Protection Manager)  else it will not be protected and to install the endpoint client you will have to uninstall SSC from the Server however keep it in mind that this step should be performed at the LAST stage of the Migration process when all the clients have started reporting to the SEPM.

In case you need to migrate from Symantec System Center to end point you need to do the following :-

Migrations that are supported:

The client installation detects the following software and migrates the software
if it is detected:

Symantec AntiVirus client and server 9.x and later
Symantec Client Security client and server 2.x and later

Migrations that are blocked:

The client installation routines check for the existence of the following software
and blocks migration if this software is detected:

Symantec AntiVirus client and server 8.x and earlier
Symantec Client Security client and server 1.x
Symantec Client Firewall 5.0
Symantec System Center, all versions
Symantec Reporting Server 10.x
Confidence Online Heavy by Whole Security, all versions
Norton AntiVirus and Norton Internet Security, all versions

You must uninstall this software first and then install Symantec Endpoint
Protection clients.

Migrations that are not supported:

The following software is not migrated and can coexist on the same computer as
Symantec Endpoint Protection client software:

Symantec Client Firewall Administrator, all versions
LiveUpdate Server

To install the latest version of LiveUpdate Server, you must first uninstall the
legacy version.

Netware computers that run any version of Symantec AntiVirus
Netware operating systems are not supported with this version. You can
continue to protect these computers with legacy versions.
Symantec AntiVirus and Symantec Client Security client and the server that
runs on Itanium hardware

Itanium hardware is not supported with this version. Continue to protect these
computers with legacy versions.

Migrating Symantec AntiVirus and Symantec Client Security

About migrating Central Quarantine:

To migrate Central Quarantine Console and Server, you must uninstall the current
version and then install the new version of both components.

Preparing legacy installations for migration:

With the Symantec System Center, you must change settings for clients and
servers to simplify the migration process. For example, if a client runs an antivirus
scan during migration, migration is blocked until the scan finishes and the
migration may fail. Also, you need to disable the uninstallation password feature
for client software if it is enabled. If you do not, users are prompted to enter the
password in interactive mode.

Note: If you migrate groups and settings from the Symantec System Center, the
policies that are migrated for those groups include these modifications. You may
want to revert these settings after the migration. For example, you may want to
turn on scheduled scans. Also, you do not need to disable the uninstall password
if it is enabled. The migration ignores the password.

Preparing all legacy installations:

These procedures apply to all legacy software installations that are supported for
migration.

Note: If you use client groups that do not inherit settings, prepare these groups
the same way that you prepare server groups and management servers.

Disabling scheduled scans:

If a scan is scheduled to run and is running while the client migration occurs,
migration may fail. A best practice is to disable scheduled scans during migration
and then enable after migration.
To disable scheduled scans
1 In the Symantec System Center, do one of the following actions:

Right-click a management server.
Right-click a client group.

2 Click All Tasks > Symantec AntiVirus > Scheduled Scans.
3 In the Scheduled Scans dialog box, on the Server Scans tab, uncheck all
scheduled scans.
4 On the Client Scans tab, uncheck all scheduled scans, and then click OK.
5 Repeat this procedure for all primary management servers, secondary
management servers, and all client groups.

Configuring Central Quarantine and quarantined files:

Quarantine server no longer supports updates to client computers with the latest
definitions. Therefore, you do not want it to update client computers with the
latest definitions during a migration. Also, quarantined file migration is not
necessary.

To configure Central Quarantine and quarantined files:

1 In the Symantec System Center, right-click a server group.
2 Click All Tasks > Symantec AntiVirus > Quarantine Options.
3 In the Quarantine Options dialog box, click Purge Options.
4 In the Purge Options dialog box, set all time values to 1 day and set all
directory size limit values to 1 MB. Check all check boxes.
5 Click OK.
6 In the Quarantine Options dialog box, uncheck Enable Quarantine or Scan
and Deliver.
7 Under When new virus definitions arrive, check Do nothing, and then click
OK.
8 Repeat this procedure for all server groups if you have more than one.

Deleting histories
All histories are now stored in a database. History file deletion speeds the migration
process.
To delete histories
1 In the Symantec System Center, right-click a server group.
2 Click All Tasks > Symantec AntiVirus > Configure History.
3 In the History Options dialog box, change the Delete after values to 1 day.
4 Click OK.
5 Repeat this procedure for all server groups if you have more than one.
Migrating Symantec AntiVirus and Symantec Client Security

Disabling LiveUpdate
If LiveUpdate runs on client computers during migration, conflicts may occur.
Therefore, you must turn off LiveUpdate on client computers during migration.
To turn off LiveUpdate
1 In the Symantec System Center, right-click a server group.
2 Click All Tasks > Symantec AntiVirus > Virus Definition Manager.
3 In the Virus Definition Manager dialog box, check Update only the primary
server of this server group, and then click Configure.
4 In the Configure Primary Server Updates dialog box, uncheck Schedule for
Automatic Updates, and then click OK.
5 In the Virus Definition Manager dialog box, uncheck the following selections:
■ Update virus definitions from parent server
■ Schedule client for automatic updates using LiveUpdate
■ Enable continuous LiveUpdate
6 Check Do not allow client to manually launch LiveUpdate, and then click
OK.
7 Repeat this procedure for all server groups if you have more than one.

Turning off the roaming service
If the roaming service is running on client computers, the migration might hang
and fail to complete. If the roaming service is truned on, you must turn it off before
starting gthe migration.
Note: If your roaming clients run Symantec AntiVirus version 10.x, you must
unlock your server groups before you disable the roaming service. This practice
helps ensure that roaming clients are properly authenticated with certificates to
their parent server.
To turn off the roaming service
1 In the Symantec System Center, right-click a server group.
2 Click All Tasks > Symantec AntiVirus > Client Roaming Options.
3 In the Client Roaming Options dialog box, in the Validate parent every minutes
box, type 1.
4 In the Search for the nearest parent every minutes box, type 1, and then press
OK.
Migrating Symantec AntiVirus and Symantec Client Security
5 Wait a few minutes.
6 In the Symantec System Center, right-click a server group.
7 Click All Tasks > Symantec AntiVirus > Client Roaming Options.
8 In the Client Roaming Options dialog box, uncheck Enableroamingonclients
that have the Symantec AntiVirus Roaming service installed.
9 Click OK.

About preparing Symantec 10.x/3.x legacy installations
Symantec AntiVirus 10.x and Symantec Client Security 3.x provide the additional
features that must be properly configured for successful migration.
Unlocking server groups
If you do not unlock server groups before migration, unpredictable results may
occur. Also, if the roaming service is enabled for clients, the unlocking the server
group helps ensure that the clients properly authenticate to a parent server.
Clients that properly authenticate to a parent server get placed in the database.
Clients that get placed in the database automatically appear in the correct legacy
group in the console after installation.
To unlock a server group
1 In the Symantec System Center, right-click a locked server group, and then
click Unlock Server Group.
2 In the Unlock Server Group dialog box, type the authentication credentials
if necessary, and then click OK.
Turning off Tamper Protection
Tamper Protection can cause unpredictable results during migration. You must
turn off Tamper Protection before starting the migration.
To turn off Tamper Protection
1 In the Symantec System Center, right-click one of the following categories:
■ Server group
Migrating Symantec AntiVirus and Symantec Client Security
■ Primary or secondary management server
2 Click AllTasks>SymantecAntiVirus>ServerTamperProtection Options.
3 In the Server Tamper Protection Option dialog box, uncheck EnableTamper
Protection.
4 Click OK.
5 Do one of the following actions:
■ If you selected a server group, repeat this procedure for all server groups
if you have more than one.
■ If you selected a management server, repeat this procedure for all
management servers in all server groups.

Uninstalling and deleting reporting servers
If you installed one or more reporting servers, you must uninstall these reporting
servers, and optionally delete the database files. You must also delete reporting
servers from the Symantec System Center. Complete reporting server
uninstallation information is available in the Symantec System Center Online
Help. Legacy settings were stored in the registry. All settings are now stored in a
database along with the reporting data.
To uninstall reporting servers
1 Log on to a computer that runs the reporting server.
2 Click Start > Settings > Control Panel > Add or Remove Programs.
3 In the Add or Remove Programs dialog box, click SymantecReportingServer,
and then click Remove.
4 Follow the on-screen prompts until you delete the reporting server.
5 Repeat this procedure for all reporting servers.
To delete reporting servers from the Symantec System Center
1 In the Symantec System Center, right-click and expand Reporting.
2 Right-click each reporting server, and then click Delete.

Hi Sandip,

Clear, crisp and awsome!