The start-up script below is to assist system administrators who need a simple way to update multiple revisions and architectures of Symantec Endpoint Protection to the latest version. (Ru6 MP3 at time of writing).
From your installation share, I recommend creating the below folder structure.
.\SEP-Upgrade\ (SEP-Upgrade.bat)
.\SEP-Upgrade\x86\
.\SEP-Upgrade\x64\
Patches are available here: ftp://ftp.symantec.com/public/english_us_canada/products/symantec_endpoint_protection/11.0/updates/
To patch RU6 MP3 you need to be running RU6 or later, older versions need to be patched first to RU6 then to RU6 MP3.
When running a version prior to RU6, it is possible to run two patches consecutively to RU6 MP3 without a restart, though I have chosen not to do so to minimize start-up times for users.
The script determines which patch to install by first querying the architecture (32/64-bit) then querying the registry for which current version is installed.
Each patch writes an event to the eventlog, this is optional.
Save the script below to batch file SEP-Upgrade.bat
---------
REM Symantec Endpoint Protection client patches
REM Patches prior to RU6 need to be updated first to RU6a
REM Set OS Architecture
SET OS=x86\SEP32
IF "%PROCESSOR_ARCHITECTURE%"=="AMD64" (
SET OS=x64\SEP64
)
REM Query Version
SET OLDVERSION=
FOR /F "tokens=3" %%a IN ('REG QUERY "HKLM\Software\Symantec\Symantec Endpoint Protection\SMC" /v ProductVersion ^| FINDSTR ProductVersion') DO (
SET OLDVERSION=%%a
)
IF "%OLDVERSION%"==11.0.6300.803 (
exit
)
IF "%OLDVERSION%"=="11.0.4014.26" (
"%~dp0%OS%_26To562_clientMSPMSI.exe"
EVENTCREATE /T INFORMATION /ID 302 /L APPLICATION /SO "Symantec Endpoint Protection Upgrade" /D "SEP %OLDVERSION% (MR4 MP1a) has been upgraded to 11.0.6004.562 (RU6a)"
)
IF "%OLDVERSION%"=="11.0.4202.75" (
"%~dp0%OS%_75To562_clientMSPMSI.exe"
EVENTCREATE /T INFORMATION /ID 302 /L APPLICATION /SO "Symantec Endpoint Protection Upgrade" /D "SEP %OLDVERSION% (MR4 MP2) has been upgraded to 11.0.6004.562 (RU6a)"
)
IF "%OLDVERSION%"=="11.0.5002.333" (
"%~dp0%OS%_333_RTMTo562_clientMSPMSI.exe"
EVENTCREATE /T INFORMATION /ID 302 /L APPLICATION /SO "Symantec Endpoint Protection Upgrade" /D "SEP %OLDVERSION% (RU5) has been upgraded to 11.0.6004.562 (RU6a)"
)
IF "%OLDVERSION%"=="11.0.6000.550" (
"%~dp0%OS%_550To803_clientMSPMSI.exe"
EVENTCREATE /T INFORMATION /ID 302 /L APPLICATION /SO "Symantec Endpoint Protection Upgrade" /D "SEP %OLDVERSION% (RU6) has been upgraded to 11.0.6300.803 (RU6 MP3)"
)
IF "%OLDVERSION%"=="11.0.6005.562" (
"%~dp0%OS%_562To803_clientMSPMSI.exe"
EVENTCREATE /T INFORMATION /ID 302 /L APPLICATION /SO "Symantec Endpoint Protection Upgrade" /D "SEP %OLDVERSION% (RU6a) has been upgraded to 11.0.6300.803 (RU6 MP3)"
)
IF "%OLDVERSION%"=="11.0.6100.645" (
"%~dp0%OS%_645To803_clientMSPMSI.exe"
EVENTCREATE /T INFORMATION /ID 302 /L APPLICATION /SO "Symantec Endpoint Protection Upgrade" /D "SEP %OLDVERSION% (RU6 MP1) has been upgraded to 11.0.6300.803 (RU6 MP3)"
)
IF "%OLDVERSION%"=="11.0.6200.754" (
"%~dp0%OS%_754To803_clientMSPMSI.exe"
EVENTCREATE /T INFORMATION /ID 302 /L APPLICATION /SO "Symantec Endpoint Protection Upgrade" /D "SEP %OLDVERSION% (RU6 MP2) has been upgraded to 11.0.6300.803 (RU6 MP3)"
)