Endpoint Protection

What is the best practice for upgrading client computers from 10.0 Corporate to 11.0.4202 Endpoint?  I only have 25 pc's that need upgrading.  Should I completely uninstall 10.0 and then install 11.0.4202 or simply insert the disc and upgrade?

See Connect Forum thread - http://www.symantec.com/connect/forums/upgrade-sav-10-sep-11

Let me know if this was helpful.

Cheers,
Thomas

You can use this document it will be the same for 11.4202

http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2008121807552148

10.0 can be upgarded to 11.0 hence there is no need to uninstall the SAV
Plase mark the solution to this thread if your issue is resolved.:)

Hello EIRookster,

Imp things to note before upgrading :

In SSC (Symantec System Center)
 

1. Disable SAV client passwords
2. Disable Scheduled scans
3. Disable Tamper Protection
4. Disable Scheduled LU
    

As it is a very small setup of 25 systems I would recommend new installation instead of Migration.
Steps to follow :-

Make the above mentioned changes in SSC for all the groups

1. Install Symantec Endpoint Protection Manager Console on the same server where you have SSC
2. Create groups as per requirement
3. Define Policies for groups as per requirement
4. Create Install packages
5. Deploy it to clients (No need to uninstall SAV client if it is above Version 9.x)
6. Uninstall SSC after all the clients are upgraded Successfully and install SEP client to the Server at the end (with SSC on the system SEP client would not get installed).

You can refer to the Article for 'Planning custom group for SEPM organization for optimized security administration (if SEPM not in sync with AD)'
https://www-secure.symantec.com/connect/articles/planning-custom-group-sepm-organization-optimized-security-administration-if-sepm-not-sync-

Hope this helps
Please revert if this answers your query.

Thanks :)

Frnds,

EIRookster want to migrate sav10 clients to sep and not manager.

So Mr EORookster, your need to follow below steps:

1) stop all symantec services

2) if your sav is properly running on client then simply install sep setup.exe which will run in silent mode or run Symantec AntiVirus.msi which will start in user friendly mode.

3) if your sav is not working properly on client then need to delete symantec entries from registry and then try to delete symantec folders from c:\program files as well as c:\documents and settings\all users\application data\

4) restart your pc and then try to install sep setup.

if any query then do revert.... and if solution is proper then plz mark me as correct solution....

I agree with Santosh in these very important - no, critical steps - many overlooked these critical areas:

1. Disable SAV client passwords
2. Disable Scheduled scans
3. Disable Tamper Protection
4. Disable Scheduled LU
    

HOWEVER, I did a migration from SAV to SEP 11 months ago - removing SAV is a waste of time, IMO. I can't see why anyone thinks it's needed at all to remove SAV 10 when SEP goes over the top so smoothly, they don't even know what hit 'em.
HOWEVER, if you have any computers with the SAV console installed, it MUST be manually removed first.
DO disable any uninstall passwords you may have put into place in SAV - if SAV requires a password to uninstall, SEP install will fail because it removes SAV first, then installs itself. I'd disable/delete any scheduled scans partly because there can be "remnants"
 left - some odd cases where the old SAV scans still happen even though SEP doesn't have them scheduled. So kill any scheduled scans.
Then I'd use the SEP migration wizard and push SEP to that tiny little number of workstations.
I pushed SEP OVER SAV after removing scans, removing passwords, basically Santosh's list of 4, then pushed to THREE HUNDRED computers in over 40 offices through our state with NO failures!  AND I did it during the WORK DAY while these people worked!
I don't think anyone even noticed!

Now this did not happen all at once - I did 3 or 4 dozen a day and LEFT the parent servers up to manage SAV clients until they were all done. So I had 2 SAV parents, started to push SEP out, eventually removed one SAV parent, the rest all migrated to the remaining parent, and I continued to push SEP out to them using the wizard. I don't mess with the active directory integration. Too much of a hassle, especially the way OUR active directory looks - it's a total nightmare - a kludgy mess. In fact, I don't let ANY product integrate with our AD because it's such a mess. SEP is so totally simple to manage with just your own groups setup the way YOU want them for security administration, why bother with all the issues that come up using AD.......... especially with only 25 clients! We have 300 and I find using SEP's own groups, security the way I SEE FIT, not how some other network administrator doing OTHER things sees fit.
I guess I"m here to say - don't make it too bloody complicated! It doesn't need to be.
Follow his 1-4 steps, push SEP over SAV, setup the groups in SEP the way you need to manage in your business and go from there.

(beings there's such competition for everyone to be the first for a solution because it earns them points - PLEASE don't be pushed into marking a solution unless you feel one was really truly helpful and solved your problem. Then, please do mark as solved so others who have the same questions YOU do can see how you solved it)  (watch that get deleted!)
 

Hi Nitin,

You are talking about local installation, yes that can be done. I don't think that will be a good choice as it will be a tedious process.

However, if the Clients are set to be managed the process I mentioned is appropriate. Moreover, Managed setup will help monitor the Network Security from SEPM and the Administrator will not have to look into each system.

If all the systems are to be upgraded and set as Unmanaged clients then you can also use Push Deployment Tool from CD2 for SEP. No need to do local installation.

Speaking about Symantec Services - No need to stop them for an upgrade. Installation will automatically do it at the point where it should be.
There could be instances where SAV client is corrupt or installation fails. In such cases SAV could be uninstalled from Add/Remove program and the SEP could be installed locally or deployed from the Server using Migration and deployment wizard. If there are issues installing SEP even after this, I would highly recommend to contact Tech Support and do not delete any folder or file from Program Files or make changes to registry. There could be many causes for the installation failure. The one that you mentioned may have worked in your scenario, however, it may not be same in every case. So please do not recommend such critical steps (Registry changes) without proper analysis that could lead to OS crash.

Thanks :)

I agree - no need to stop services! And setup will only run in silent mode if you have so built the package you are pushing.
Again, I'm with Santosh!
You can push the install remotely to all 25, even if managed! Again, build the package using the console first! IT will then have all the options you want - silent or not, managed or not, etc.
Recommending registry changes, especially when someone is coming in for basic  help will only confuse.
Symanted and MS both give warnings before even they advise on changes.
A. you don't need to stop any services - follow Santosh's 4 steps
B. You don't need any registry changes at all!