Endpoint Protection

We have ugraded SEP in our environment from previously version 12.1.4 to latest 12.1.6 MP5. We configured no reboot in Client Install settings. We wanted to leave the reboot at user's discretion since they often claim about loss of improtant work due to forced/delayed reboot.

I see from SEPM console that a large number of SEP clients have been upgraded for more than 10 days now but the users have not rebooted their machines to complete the upgrade process. Most of the users are remote users so they rarely ever shutdown or reboot their laptops. What i wanted to inquire is:

1) Will this waiting period till user reboot their machines impact the security in anyway provided by SEP?

2) I fear the SEP is not functional till users reboot. Is this assumption correct or wrong? 

Thanks.

The components that need a reboot will remain on 12.1.4 and will not fully upgrade until the reboot.

SEP is and will function fully though. Your users will remain fully protected.

Best to get a reboot though in order to clear up known vulnerabilities that were fixed in 12.1.6 MP5.

After business hours or during your change window should be feasible I would think.

SEP 12.1 employs a side-by-side, replace on reboot installation strategy. Side-by-side means that new files are written to a new folder, referred to as a silo, isolated from the existing operational folder. Because the two versions are separated from each other, during a migration the older software is left running unchanged until the next reboot.

The primary benefit of side-by-side installation and replace on reboot is that the system continues to be protected by the existing software until the new version is in operation after the reboot.

This technique enables you to change the normal portion of the installation path during a migration, when applicable

https://www.symantec.com/connect/forums/reboot-necessary-after-upgrading-sep-1212-1214#comment-9649801

One thing to also note is that if you are upgrading to patch a vulnerability the new patched software will not take over until the reboot. Leaving your systems vulnerable to that vulnerability until the reboot. But still protected by the existing version. 

Also if space is restricted on the C: drive you will effectivally have two packages taking up space until the reboot can remove the old version. 

1) Will this waiting period till user reboot their machines impact the security in anyway provided by SEP?

--> Till the reboot upgrade will not complete & existing version will keep up & running. SEP 12.1 employs a side-by-side, replace on reboot installation strategy. Side-by-side means that new files are written to a new folder, referred to as a silo, isolated from the existing operational folder. Because the two versions are separated from each other, during a migration the older software is left running unchanged until the next reboot.

2) I fear the SEP is not functional till users reboot. Is this assumption correct or wrong? 

--> SEP will remain 100% functional though machine is not rebooted. In the SEPM console it can show computers waiting for reboot. You can list down those users & write an email to process computer restart. 

Thanks guys for the help. Very informative and much appreciated.