Endpoint Protection

  • 1.  sylink.xml replace problem, client MUST be deleted from SEPM first!?

    Posted May 03, 2016 07:06 AM

    Hello,

    I have a problem with replacing sylink.xml on the latest SEPM and clients (12.1.6 MP4 build 6867).

    There is no problem replacing sylink (manually, GUI or sylinkdrop - each method works successfully) BUT then the clients are still in the old (previous) group/container on the SEPM. Restarting smc.exe -stop / -start, restarting the whole client PC, updating policy on the client - no success. Clients are still in the old group!

    The only way is to MANUALLY DELETE the client from the SEPM console and THEN replace sylink (or update client policy if the sylink was already replaced before). But these steps must be done together (before a heartbeat or refresh comes).

    Is this a new bug?? Some time ago there was no problem with replacing sylink (drop, replacer, xcopy ... just Tamper Protection had to be off), so why is it not working now? I have used SEP/SEPM for nearly 10 years but this I have never seen before.

    Can you please prove or disprove it? Thank you!

    Ondrej

     

     



  • 2.  RE: sylink.xml replace problem, client MUST be deleted from SEPM first!?

    Posted May 03, 2016 12:33 PM

    See SMLatCST and greg12s comments here:

    https://www-secure.symantec.com/connect/forums/sep-clients-unexpected-behavior-sepm#comment-8185821

    https://www-secure.symantec.com/connect/tr/forums/sylink-and-group-membership-change?cid=11596841#comment-11596841



  • 3.  RE: sylink.xml replace problem, client MUST be deleted from SEPM first!?

    Posted May 03, 2016 01:12 PM

    It is designed to work that way, so that existing clients can easily report back to their original group. Changing the sylink will work only if the SEPM doesn't know where the client is coming from and has no idea about it. So it's ultimately the SEPM which has a say when it comes to an existing client.



  • 4.  RE: sylink.xml replace problem, client MUST be deleted from SEPM first!?

    Posted May 04, 2016 12:37 AM

    Sylink replacement may not be practically working in some cases.

    I did spend some time doing the sylink exercise but it simply doesn't want to report to the new SEPM. The method below finally worked.

    In the new SEPM, under client, add a client, create a package for SEP clients that run on (select Win or Mac), select the group, select computer/user mode, remote push, select the client from the list, input the credentials, send.

    By this method, the client will report to the new SEPM and can have the latest package as and when assigned.

     

     



  • 5.  RE: sylink.xml replace problem, client MUST be deleted from SEPM first!?

    Posted May 04, 2016 04:26 AM

    Thank you all for the comments.

    The reason why I cannot move the client on the SEPM side is because the clients are in different SEP domains. I can MOVE a client only within the actually administered domain. When a new client is deployed (from image, but there is no duplicity) it is deployed into the My Company\Default group. It is better than an unmanaged client, because I can see them and I have control of those clients. But moving a client to the proper group is impossible for local administrators - they do not have a system administrator account so they cannot administer the whole site and different SEP domains.

    The only way I see is to deploy unmanaged clients on new computers so local admins can simply replace sylink locally and connect the client to the proper group in the SEPM. Correct, or is there any better/simpler/smarter way?

    Thank you for your opinion, hint or advice. Ondrej

     

     



  • 6.  RE: sylink.xml replace problem, client MUST be deleted from SEPM first!?

    Posted May 04, 2016 04:34 AM

    You can use the MoveClient utility from the tools folder. From Default you can move it to any group you like.

    https://webcache.googleusercontent.com/search?q=cache:_Gkro33VBbsJ:https://support.symantec.com/en_US/article.TECH157429.html+&cd=1&hl=en&ct=clnk&gl=in



  • 7.  RE: sylink.xml replace problem, client MUST be deleted from SEPM first!?

    Posted May 05, 2016 03:58 AM

    "Thumbs Up" to Rafeeq!

    The MoveClient utility is definitely the way forward when you want to move a Managed SEP Client from one SEP Domain to another (in the same SEP Estate).

    Have a look at the below article, which talks a bit more about it:

    http://www.symantec.com/docs/TECH230267