Endpoint Protection

Hi guys,

we want to upgrade our clients to from SEP 11.x, 12.1.x to 12.1.5 by using our SCCM infrastructure. As far as I´ve seen the AV and NTP definitions are extracted from the install package. Is there a way to keep the definitions from the installed SEP client? The SEP client has the most current definitions before the new version is taking over after the reboot. This also reduces the package size dramaticly from ~400 MB to ~80 MB.

Thanks for any hints...

Yes just export a package with basic content.

See here:

How to export Symantec Endpoint Protection (SEP) client install packages without any definitions or package with Basic Content.

Hi Brian,

so this is the way it "should" work? I´ve already used this settings you´ve posted, but the updated client came back after reboot without any def´s and downloaded everything from scratch.

The content won't come from the SEPM, it will go out to LiveUpdate to grab all the content.

Or are you saying that after upgrading it cleanrs out the content, even though it's the latest?

This is what happened:

1. SEP 11.x Client with most current def´s is running, AV and NTP
2. SEP 12 Client (with basic content) setup is installing successfully
3. SEPM reboots "Reboot required" for this Client - as expected
4. Client reboots
5. SEP 12 is in charge now, no def´s "Waiting for updates"
6. after some minutes the def´s are downloaded from SEPM again

SEP 12.1 virus defs don't work for 11.x so I could see why this happened. Completely structure different here.

I see... Some thoughts about a workaround: We want to avoid service desk calls from users reporting old definitions and also have the client up to date as soon as possible. I´ve seen a defs ZIP File when I export a full package (as files and folders). Is this ZIP replaceable? If so, I could replace this 2 times a week or so and update SCCMs distribuiton points.

Hi,

This is expected behaviour.

SEP 12.1 employs a side-by-side, replace on reboot installation strategy. Side-by-side means that new files are written to a new folder, referred to as a silo, isolated from the existing operational folder. Because the two versions are separated from each other, during a migration the older software is left running unchanged until the next reboot.

The primary benefit of side-by-side installation and replace on reboot is that the system continues to be protected by the existing software until the new version is in operation after the reboot.

This technique enables you to change the normal portion of the installation path during a migration, when applicable.   

You could try this:

Manually updating the Virus and Spyware definitions content included with an Endpoint Protection client installation package

Hi Chetan,

I understand the the side-by-side upgrade stuff, in general. But what are you refering to?

Hi Brian,

this might be the solution what we are looking for. Since we have official holidays here tomorrow I can try this not until monday. I´ll report back...

many thanks!

Sounds good, hopefully that works. Let me know if you need anything else :)

Hi Brian,

based on your tips I´ve build a solution thats working pretty well, at least on an couple of test clients. So this is it:

We have 4 different deployment types within SCCM. In SCCM a deployment type is the content and a install command (script, exe, etc.),for a short explanation.

2 of them are are for SEP 11.x clients, with defs, the other ones are with basic content for 12.x clients. So they have to download less content.

In addition to that, each of these packages are using a small batch to copy down a setAid.ini with and without firewall component.

The decisions are made by SCCMs requirement rules (SEP 11 or 12, with or without firewall).

Thanks a lot!

Happy to help :)