Endpoint Protection

  • 1.  Pending Restarts and System Vulnerabilities

    Posted Jan 08, 2014 10:48 AM

    I have a general question regarding the upgrade process and potential system vulnerabilities. We manage thousands of endpoints and some of the users are very touchy when it comes to restarts. Coordinating restarts with sub-departments can be a very time-consuming process and also difficult (both logistically and politically).

    When upgrading clients, the system typically requires a reboot. When an update is pushed out, the clients are put into a pending restart state. Certain people have said that this is incredibly dangerous as the client is vulnerable during this time. Because of this, upgrading clients can be a very frustrating process because while we want everyone running the latest version we cannot always have machines reboot immediately after the upgrade.

    I would like to know how long we are able to leave a client in the pending restart state. So my real question is this: After a client is in a pending restart state due to an upgrade, what exactly causes the client to be vulnerable? Are certain features disabled entirely? Is the client simply unable to receive definition updates? Or is it something else?

    I would appreciate any information on this so that I can make the process as non-intrusive as possible but also maximize security. 

    Thanks!



  • 2.  RE: Pending Restarts and System Vulnerabilities

    Posted Jan 08, 2014 10:53 AM

    The client will still function as expected, receive updates, all components will work, although it still needs a reboot to update files to the latest versions.

    Ideally, you want to reboot as soon as you can, but you shouldn't expect a loss in functionality in the client.

    Symantec Endpoint Protection Recommended Best Practices for Securing an Enterprise Environment



  • 3.  RE: Pending Restarts and System Vulnerabilities
    Best Answer

    Posted Jan 08, 2014 10:55 AM

    Hello,

    As a best practice, it is recommended to restart the client machine, when a full feature set (AV/AS, PTP and NTP) is installed.

    When migrating the SEP client, the drivers are migrated as well and that is the reason a restart is required.

    In case a restart is not done, the firewall drivers and feature would not work correctly.

    SEP 12.1 employs a side-by-side, replace on reboot installation strategy. Side-by-side means that new files are written to a new folder, referred to as a silo, isolated from the existing operational folder. Because the two versions are separated from each other, during a migration the older software is left running unchanged until the next reboot.

    The primary benefit of side-by-side installation and replace on reboot is that the system continues to be protected by the existing software until the new version is in operation after the reboot.

    This technique enables you to change the normal portion of the installation path during a migration, when applicable.

    If you are planning to upgrade or migrate to Symantec Endpoint Protection 12.1.4, please take a look at the latest how-to article created by our very own SEP content council team.

    Best practices for upgrading to Symantec Endpoint Protection 12.1.x

    http://www.symantec.com/business/support/index?page=content&id=TECH163700

    Hope that helps!!

    https://www-secure.symantec.com/connect/forums/reboot-necessary-after-upgrading-sep-1212-1214



  • 4.  RE: Pending Restarts and System Vulnerabilities

    Posted Jan 09, 2014 10:01 AM

    Thank you so much for the reply! That's exactly what I was looking for. 

    Is the process the same for Mac OS X installations?


  • 5.  RE: Pending Restarts and System Vulnerabilities

    Posted Jan 09, 2014 10:04 AM

    Until 12.1.4, Macs only have the AV component. With 12.1.4 they will contain the IPS component as well.

    The links will only apply to Windows machines.



  • 6.  RE: Pending Restarts and System Vulnerabilities

    Posted Feb 22, 2014 01:50 PM

    @Gail,

    Do you need more assistance with your problem or were you able to get it resolved?

    If you could post an update for followers of this thread that would be most helpful.

    Otherwise, if resolved, you can close the thread out by clicking the "Mark as solution" link at the bottom left on the most helpful post. If multiple posts helped to solve your problem, please click the "Request split solution" link at the bottom left, select the most helpful posts and click the "Submit" button. This will benefit admins looking for a resolution to the same problem.

    Thanks and take care,
    Brian