Migration guide sep12.1 (1)

Symantec™ Endpoint
Protection Migration
Reference Guide

Symantec Endpoint Protection Migration Reference
Guide
The software described in this book is furnished under a license agreement and may be used
only in accordance with the terms of the agreement.

Documentation version 12.01.00.00

Legal Notice
Copyright © 2011 Symantec Corporation. All rights reserved.

Symantec, the Symantec Logo, Bloodhound, Confidence Online, Digital Immune System,
LiveUpdate, Norton, Sygate, and TruScan are trademarks or registered trademarks of
Symantec Corporation or its affiliates in the U.S. and other countries. Other names may be
trademarks of their respective owners.

This Symantec product may contain third party software for which Symantec is required
to provide attribution to the third party (“Third Party Programs”). Some of the Third Party
Programs are available under open source or free software licenses. The License Agreement
accompanying the Software does not alter any rights or obligations you may have under
those open source or free software licenses. Please see the Third Party Legal Notice Appendix
to this Documentation or TPIP ReadMe File accompanying this Symantec product for more
information on the Third Party Programs.

The product described in this document is distributed under licenses restricting its use,
copying, distribution, and decompilation/reverse engineering. No part of this document
may be reproduced in any form by any means without prior written authorization of
Symantec Corporation and its licensors, if any.

THE DOCUMENTATION IS PROVIDED "AS IS" AND ALL EXPRESS OR IMPLIED CONDITIONS,
REPRESENTATIONS AND WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE OR NON-INFRINGEMENT,
ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT SUCH DISCLAIMERS ARE HELD TO
BE LEGALLY INVALID. SYMANTEC CORPORATION SHALL NOT BE LIABLE FOR INCIDENTAL
OR CONSEQUENTIAL DAMAGES IN CONNECTION WITH THE FURNISHING,
PERFORMANCE, OR USE OF THIS DOCUMENTATION. THE INFORMATION CONTAINED
IN THIS DOCUMENTATION IS SUBJECT TO CHANGE WITHOUT NOTICE.

The Licensed Software and Documentation are deemed to be commercial computer software
as defined in FAR 12.212 and subject to restricted rights as defined in FAR Section 52.227-19
"Commercial Computer Software - Restricted Rights" and DFARS 227.7202, "Rights in
Commercial Computer Software or Commercial Computer Software Documentation", as
applicable, and any successor regulations. Any use, modification, reproduction release,
performance, display or disclosure of the Licensed Software and Documentation by the U.S.
Government shall be solely in accordance with the terms of this Agreement.

Symantec Corporation
350 Ellis Street
Mountain View, CA 94043

http://www.symantec.com

Technical Support
Symantec Technical Support maintains support centers globally. Technical
Support’s primary role is to respond to specific queries about product features
and functionality. The Technical Support group also creates content for our online
Knowledge Base. The Technical Support group works collaboratively with the
other functional areas within Symantec to answer your questions in a timely
fashion. For example, the Technical Support group works with Product Engineering
and Symantec Security Response to provide alerting services and virus definition
updates.
Symantec’s support offerings include the following:
■ A range of support options that give you the flexibility to select the right
amount of service for any size organization
■ Telephone and/or Web-based support that provides rapid response and
up-to-the-minute information
■ Upgrade assurance that delivers software upgrades
■ Global support purchased on a regional business hours or 24 hours a day, 7
days a week basis
■ Premium service offerings that include Account Management Services
For information about Symantec’s support offerings, you can visit our Web site
at the following URL:
www.symantec.com/business/support/
All support services will be delivered in accordance with your support agreement
and the then-current enterprise technical support policy.

Contacting Technical Support
Customers with a current support agreement may access Technical Support
information at the following URL:
Before contacting Technical Support, make sure you have satisfied the system
requirements that are listed in your product documentation. Also, you should be
at the computer on which the problem occurred, in case it is necessary to replicate
the problem.
When you contact Technical Support, please have the following information
available:
■ Product release level

■ Hardware information
■ Available memory, disk space, and NIC information
■ Operating system
■ Version and patch level
■ Network topology
■ Router, gateway, and IP address information
■ Problem description:
■ Error messages and log files
■ Troubleshooting that was performed before contacting Symantec
■ Recent software configuration changes and network changes

Licensing and registration
If your Symantec product requires registration or a license key, access our technical
support Web page at the following URL:

Customer service
Customer service information is available at the following URL:
Customer Service is available to assist with non-technical questions, such as the
following types of issues:
■ Questions regarding product licensing or serialization
■ Product registration updates, such as address or name changes
■ General product information (features, language availability, local dealers)
■ Latest information about product updates and upgrades
■ Information about upgrade assurance and support contracts
■ Information about the Symantec Buying Programs
■ Advice about Symantec's technical support options
■ Nontechnical presales questions
■ Issues that are related to CD-ROMs, DVDs, or manuals

Support agreement resources
If you want to contact Symantec regarding an existing support agreement, please
contact the support agreement administration team for your region as follows:

Asia-Pacific and Japan customercare_apac@symantec.com

Europe, Middle-East, and Africa semea@symantec.com

North America and Latin America supportsolutions@symantec.com

Upgrading or migrating to
Symantec Endpoint
Protection
This document includes the following topics:

■ Where to go for information on upgrading and migrating

■ Supported server upgrade paths

■ Supported client upgrade paths

■ Migrations that are supported and unsupported for the Mac client

■ Deciding which features to install on the client

■ Feature mapping between 11.x and 12.1 clients

■ Client protection features by platform

■ Management features by platform

■ Virus and Spyware Protection policy settings available for Windows and Mac

■ LiveUpdate policy settings available for Windows and Mac

■ Increasing Symantec Endpoint Protection Manager disk space before upgrading
to version 12.1

8 Upgrading or migrating to Symantec Endpoint Protection
Where to go for information on upgrading and migrating

Where to go for information on upgrading and
migrating
Table 1-1 lists the key topics that pertain to upgrading and migrating to Symantec
Endpoint Protection.
To locate these topics, see the Symantec Endpoint Protection and Symantec Network
Access Control Implementation Guide.

Table 1-1 Product upgrade and migration resources

Task Topic

Supported and unsupported For new installations, you deploy client software to
upgrade paths your computers after you install the Symantec
Endpoint Protection Manager. For existing
installations, you upgrade existing clients to the new
version of Symantec Endpoint Protection after you
upgrade the Symantec Endpoint Protection Manager.

See “Supported client upgrade paths” on page 10.

See “Supported server upgrade paths” on page 9.

See “Migrations that are supported and unsupported
for the Mac client” on page 10.

Preparing computers to receive the "Preparing for client installation"
client software installation
packages

Creating security policies for the "The types of security policies"
clients
"Adding a policy"

Configuring feature sets for clients "About the client installation settings"

"Configuring client installation package features"

See “Deciding which features to install on the client”
on page 11.

"About client deployment methods"

Deploying clients to the client "About client deployment methods"
computers

Migrating clients to a newer "About migrating to Symantec Endpoint Protection"
version

Upgrading or migrating to Symantec Endpoint Protection 9
Supported server upgrade paths

Table 1-1 Product upgrade and migration resources (continued)

Task Topic

How protection technologies and See “Feature mapping between 11.x and 12.1 clients”
features from legacy clients map to on page 12.
new clients

Feature and policy descriptions "About the types of threat protection that Symantec
Endpoint Protection provides"

"The types of security policies"

Feature dependencies "How Symantec Endpoint Protection protection
features work together"

Feature availability by platform See “Client protection features by platform”
on page 15.

Upgrade licensing "About product upgrades and licenses"

Migration procedures and general "About migrating to Symantec Endpoint Protection"
information

For more information on migration, see the knowledge base article, Endpoint
Security Migration & Installation.

Supported server upgrade paths
The following Symantec Endpoint Protection Manager upgrade paths are
supported:
■ From 11.x to 12.1 (full version)
■ From 12.0 Small Business Edition to 12 .1 (full version)
■ From 12.1 Small Business Edition to 12.1 (full version)

Note: Symantec AntiVirus 9.x and 10.x server information can be imported during
the installation of Symantec Endpoint Protection Manager version 12.1.

The following downgrade paths are not supported:
■ 12.1 (full version) to 12.1 Small Business Edition
■ 11.x to 12.1 Small Business Edition

Supported client upgrade paths

Supported client upgrade paths
The following Symantec Endpoint Protection client versions can upgrade directly
to version 12.1:
■ 11.0.780.1109
■ 11.0.1000.1375 - MR1
■ 11.0.2000.1567 - MR2, with maintenance patches
■ 11.0.3001.2224 - MR3
■ 11.0.4000.2295 - MR4, with maintenance patches
■ 11.0.5002.333 - RU5
■ 11.0.6000.550 - RU6, with maintenance patches
■ 12.0.122.192 Small Business Edition
■ 12.0.1001.95 Small Business Edition RU1
Upgrading from Symantec Sygate Enterprise Protection 5.x, and Symantec
AntiVirus 9.x and 10.x to 12.1 (full version) is supported.

Migrations that are supported and unsupported for
the Mac client
Table 1-2 displays the products that can be migrated to the Symantec Endpoint
Protection for Mac client.

Table 1-2 Migration paths from Symantec AntiVirus for Mac to the Symantec
Endpoint Protection Mac client

Migrate from Migrate to Supported?

Managed Symantec AntiVirus Managed Symantec Yes
for Mac client Endpoint Protection for Mac
client

Unmanaged Symantec AntiVirus Unmanaged Symantec Yes
client

Unmanaged Symantec AntiVirus Managed Symantec Yes
client

Deciding which features to install on the client

Table 1-2 Migration paths from Symantec AntiVirus for Mac to the Symantec
Endpoint Protection Mac client (continued)

Migrate from Migrate to Supported?

Managed Symantec AntiVirus Unmanaged Symantec Yes, but managed client
for Mac client Endpoint Protection for Mac settings are retained.
client

Norton AntiVirus for Mac Managed or unmanaged No. Client must uninstall
Symantec Endpoint Norton products before
Protection for Mac client installing Symantec
Endpoint Protection.

Deciding which features to install on the client
When you deploy the client using the Client Deployment Wizard, you must choose
the feature set. The feature set includes multiple protection components that are
installed on the client. You can select a default feature set or select individual
components. Decide which feature set to install based on the role of the computers,
and the level of security or performance that the computers need.
Table 1-3 lists the protection technologies you should install on client computers
based on their role.

Table 1-3 Recommended feature set by computer role

Client computer role Recommended feature set

Workstations, desktop, and Full Protection for Clients
laptop computers
Includes all protection technologies. Appropriate for
laptops, workstations, and desktops. Includes the full
download protection and mail protocol protection.
Note: Whenever possible, use Full Protection for
maximum security.

Servers Full Protection for Servers

Includes all protection technologies except mail protocol
protection. Appropriate for any servers that require
maximum network security.

High-throughput servers Basic Protection for Servers

Includes Virus and Spyware Protection and Download
Protection. Appropriate for any servers that require
maximum network performance.

Feature mapping between 11.x and 12.1 clients

When you upgrade clients using the autoupgrade feature, and check the Maintain
Existing Features option, the features that are configured in legacy clients are
mapped to the new version.
The tables in this section depict the feature mapping between previous versions
and the new version of Symantec Endpoint Protection for common update
scenarios.
If you migrate from a previous version, be aware that Antivirus and Antispyware
Protection in Symantec Endpoint Protection 11.x is called Virus and Spyware
Protection in version 12.1.
Table 1-4 compares the default protection technologies between 11.x and 12.1
clients.

Table 1-4 11.x to 12.1 default client protection

Default 11.x client protection Default 12.1 client protection

Antivirus + TruScan Antivirus + SONAR + Download Insight

Antivirus Antivirus + Basic Download Insight

Antivirus without Proactive Threat Antivirus without SONAR or Download
Protection Insight

Table 1-5 11.x to 12.1 full protection

Existing 11.x features installed 12.1 features installed after
Autoupgrade

Antivirus and Antispyware Protection Virus and Spyware Protection

■ Antivirus and Antispyware Protection ■ Basic Virus and Spyware Protection
■ Download Insight

Auto-Protect Email Protection Auto-Protect Email Protection

■ POP3/SMTP Scanner ■ POP3/SMTP Scanner
■ Microsoft Outlook Scanner ■ Microsoft Outlook Scanner
■ Lotus Notes Scanner ■ Lotus Notes Scanner

Proactive Threat Protection Proactive Threat Protection

■ TruScan proactive threat scan ■ SONAR
■ Application and Device Control ■ Application and Device Control


Table 1-5 11.x to 12.1 full protection (continued)

Autoupgrade

Network Threat Protection Network Threat Protection

■ Network Threat Protection ■ Network Threat Protection
■ Intrusion Prevention ■ Intrusion Prevention

Table 1-6 11.x to 12.1 AV only

Autoupgrade





Table 1-7 11.x to 12.1 AV + Proactive Threat Protection

Autoupgrade








■ Intrusion Prevention System ■ Intrusion Prevention System


Table 1-8 11.x to 12.1 (full version) firewall only

Autoupgrade






■ Network Threat Protection ■ Network Threat Protection
Note: The 12.1 version only includes the
firewall

Table 1-9 12.0 Small Business Edition to 12.1 (full version)

Existing 12.0 Small Business Edition 12.1 features installed after
features installed Autoupgrade

Virus and Spyware Protection Virus and Spyware Protection

■ Virus and Spyware Protection ■ Basic Virus and Spyware Protection




■ Application and Device Control

■ Firewall and Intrusion Prevention ■ Network Threat Protection
■ Intrusion Prevention

Client protection features by platform

Client protection features by platform
Table 1-10 explains the differences in the protection features that are available
on the different client computer platforms.

Table 1-10 Symantec Endpoint Protection client protection

Client feature Windows XP Windows XP Windows Windows Mac Linux
(SP2), (SP2), Server 2003, Server 2003,
Windows Windows Windows Windows
Vista, Vista, Server 2008, Server 2008,
Windows 7, Windows 7, 32-bit 64-bit
32-bit 64-bit

Scheduled scans Yes Yes Yes Yes Yes Yes

On-demand scans Yes Yes Yes Yes Yes Yes

Auto-Protect for the file Yes Yes Yes Yes Yes Yes
system

Internet Email Auto-Protect Yes No No No No No

Microsoft Outlook Yes Yes Yes Yes No No
Auto-Protect

Lotus Notes Auto-Protect Yes Yes Yes Yes No No

SONAR Yes Yes Yes Yes No No

Firewall Yes Yes Yes Yes No No

Intrusion Prevention Yes Yes Yes Yes No No

Application and Device Yes Yes Yes Yes No No
Control

Host Integrity Yes Yes Yes Yes No No

Tamper Protection Yes Yes, with Yes Yes, with No No
limitations limitations

See “Management features by platform” on page 16.
See “Virus and Spyware Protection policy settings available for Windows and
Mac” on page 17.
See “LiveUpdate policy settings available for Windows and Mac” on page 18.

Management features by platform

Management features by platform
Table 1-11 explains the management features that are available for the Windows
and Mac client platforms.

Table 1-11 Comparison between Symantec Endpoint Protection Manager
features for Windows and Mac

Feature Windows Mac

Deploy client remotely from Yes No
Symantec Endpoint Protection
Manager

Manage client from Symantec Yes Yes
Endpoint Protection Manager

Update virus definitions and Yes No
product from management server

Run commands from ■ Scan ■ Scan
management server ■ Update Content ■ Update Content
■ Update Content and Scan ■ Update Content and Scan
■ Restart Client Computers ■ Restart Client Computers
■ Enable Auto-Protect ■ Enable Auto-Protect
■ Restart Client Computers ■ Restart Client Computers
■ Enable Auto-Protect ■ Enable Auto-Protect
■ Enable Network Threat
Protection
■ Disable Network Threat
Protection

Provide updates by using Group Yes No
Update Providers

Run Intelligent Updater Yes Yes

Package updates for third-party Yes No*
tools in management server

Set randomized scans Yes No

Set randomized updates Yes Yes

*You can run Intelligent Updater to get Mac content updates. You can then push
the updates to Mac clients by using a third-party tool such as Apple Remote
Desktop.

Virus and Spyware Protection policy settings available for Windows and Mac

Mac” on page 17.
See “Client protection features by platform” on page 15.

Virus and Spyware Protection policy settings available
for Windows and Mac
Table 1-12 displays the differences in the policy settings that are available for
Windows clients and Mac clients.

Table 1-12 Virus and Spyware Protection policy settings (Windows and Mac
only)

Policy setting Windows Mac

Define actions for scans You can specify first and second actions You can specify either of the following
when different types of virus or risk are actions:
found. You can specify the following
■ Automatically repair infected files
actions:
■ Quarantine files that cannot be
■ Clean repaired
■ Quarantine
■ Delete
■ Leave alone

Specify remediation if a virus You can specify the following remediation Remediation is automatically associated
or a risk is found actions: with actions.

■ Back up files before repair
■ Terminate processes
■ Stop services

Set scan type Active, Full, Custom Custom only

Retry scheduled scans Yes No

Set scans to check additional Yes No
locations (scan
enhancement)

Configure storage migration Yes No
scans

Configure scan exceptions Yes Yes

LiveUpdate policy settings available for Windows and Mac


LiveUpdate policy settings available for Windows and
Mac
Table 1-13 displays the LiveUpdate Settings policy options that the Windows
client and the Mac client support.

Table 1-13 LiveUpdate policy settings (Windows and Mac only)

Policy setting Windows Mac

Use the default management server Yes No

Use a LiveUpdate server (internal or Yes Yes
external)

Use a Group Update Provider Yes No

Enable third-party content Yes No
management
You can, however, run Intelligent
Updater to get Mac content updates.
You can then push the updates to
Mac clients by using a third-party
tool such as Apple Remote Desktop.

LiveUpdate Proxy Configuration Yes Yes, but it is not configured in the
LiveUpdate policy. It is configured
from the External Communications
settings.

LiveUpdate Scheduling Yes Yes, for Frequency and Download
Randomization options; no for all
other scheduling options

User Settings Yes No

Product Update Settings Yes Yes

HTTP Headers Yes No


Increasing Symantec Endpoint Protection Manager disk space before upgrading to version 12.1

Mac” on page 17.

Increasing Symantec Endpoint Protection Manager
disk space before upgrading to version 12.1
The Symantec Endpoint Protection Manager version 12.1 requires a minimum of
5 GB of available disk space. Make sure that any legacy servers or new hardware
meet the minimum hardware requirements.

Note: Make a backup of the database before making configuration changes.

Table 1-14 lists ways you can make more disk space available for the upgrade.

Table 1-14 Tasks to increase disk space on the management server

Task Description

Change the LiveUpdate settings 1 Go to Admin > Servers and right-click on Local
to reduce space requirements. Site. Select Edit Properties.

2 On the LiveUpdate tab, uncheck Store client
packages unzipped to provide better network
performance for upgrades

3 On the LiveUpdate tab, reduce the number of
content revisions to keep. The optimum value is
30 revisions but a lower setting uses less disk
space. For the upgrade, you can lower the setting
to 10, and then after the upgrade, return the
setting to 30.

Make sure unused virus 1 Go to Admin > Servers and right-click on Local
definitions are deleted from the Site. Select Edit Properties
Symantec Endpoint Protection
2 On the Database tab, make sure that Delete
Manager database.
unused virus definitions is checked.

Increasing Symantec Endpoint Protection Manager disk space before upgrading to version 12.1

Table 1-14 Tasks to increase disk space on the management server (continued)

Task Description

Relocate or remove co-existing ■ If other programs are installed on the same computer
programs and files with the Symantec Endpoint Protection Manager,
consider relocating them to another server. Unused
programs can be removed.
■ If the Symantec Endpoint Protection Manager shares
the computer with other storage intensive
applications, consider dedicating a computer to
support only the Symantec Endpoint Protection
Manager.
■ Remove temporary Symantec Endpoint Protection
files.
For a list of temporary files that you can remove, see
the knowledge base article, Symantec Endpoint
Protection Manager directories contain many .TMP
folders consuming large amounts of disk space.
Note: Defragment the hard drive after removing
programs and files.

Use an external database If the Symantec Endpoint Protection database resides
on the same computer with the Symantec Endpoint
Protection Manager, consider installing a Microsoft SQL
database on another computer. Significant disk space
is saved and in most cases, performance is improved.

Note: Make sure that the client computers also have enough disk space before an
upgrade. Check the system requirements and as needed, remove unnecessary
programs and files, and then defragment the client computer hard drive.

Migration guide sep12.1 (1)

More Related Content

What's hot

Similar to Migration guide sep12.1 (1)

Recently uploaded

Migration guide sep12.1 (1)