Upgrade to SEP 12.1.4 from 11.x


Just putting together a plan for upgrading our Symantec Endpoint Protection v12.1.4 from 11.x and wondering when/how do we upgrade our client install package we've created?  These are the different package we created for our desktops,  64_bit servers and 32_bit_servers. They're stored on another volume from the main SEP install in the mgmt server and I can't find mention how packages are upgraded.

Also, can someone confirm that exclusions we've set on individual servers are kept post pushing out the upgrade from mgmt server

Who is Participating?
arnoldConnect With a Mentor Commented:
You do not need to uninstall v11 (went through this process), you need to make sure to get the v11 to the 11.07MP4a 11.0.7400.1398.  This will update the DB to a point that the sepv12.1.4a can upgrade without uninstall.

The only annoying thing is that the sepv12 checks and periodically detects some "change in system (application install/some update/...." at which point you can go no further.  You would need to reboot the system onto which you want to install the management portion until it is "clear" for the update to go through.
You can upgrade using the SEP management console, under the group structure, replace the existing SEP install packages (the three client packages that are added when SEP 12.x are installed) with the new version.  During the addition of the new package, make sure your options are to use the same settings that exist on the client.  Then you have the option to deal with the scheduling of the install as well as the notification process to the user when an update is about to be performed.

The client when checking with the SEP central system/s will over the period of the scheduled upgrade download the.
These require managed clients.

The other option is to use GPO to push the packages, you would however had to have  used the .msi rather than the .exe package type.
John HurstBusiness Consultant (Owner)Commented:
I had been running V12.1.4 quite well on both Windows 7 and Windows 8.1. I have not worked out exactly why, but the upgrade to V12.1.4a required uninstalling V12.1.4 after a failed upgrade.

So you might consider uninstalling v11 on your server and then installing V12.1.4a. Then try try pushing that out to a few clients and make sure it works. That will guide your later strategy and steps.
WEBINAR: GDPR Implemented - Tips & Lessons Learned

Join the WatchGuard team on Thursday, March 29th as we recount some valuable lessons learned in weighing the needs of a business against the new regulatory environment, look ahead at the two months left before implementation, and help you understand the steps you can take today!

btanConnect With a Mentor Exec ConsultantCommented:
understand that Symantec sends you client installation package updates, and then you add them to the Symantec Endpoint Protection database to distribute them from the SEPM. In your case, you export the packages from the client and note that it should have an installation package (that you can import later) consists of two files. One file is named product_name.dat, and the other file is named product_name.info.

When you export packages, you must browse to a directory to contain the exported packages. That folder should have the files needed, note that the export process creates descriptively named subdirectories in this directory and places the installation files in these subdirectories.

These is an overview for handling the client upgrade.

Next for the upgrade via autoupgrade (which is recommended), there is caution note and besides that I see the rule set and exception should be ported over as well as included in the installation package files. Due to possible bandwidth concerns, it is best to schedule AutoUpgrade for after hours.

Enterprise versions of SEP 11.0.x or 12.1.x cannot be upgraded to the Small Business Edition of 12.1.x.

If you upgrade from 11.x and use Application and Device Control, you must disable the Application Control rule "Protect client files and registry keys." After the clients receive the new policy, you may upgrade using AutoUpgrade.

As a whole, when you upgrade a client, the "overinstall" automatically detects the client, and upgrades and installs it appropriately. You do not need to uninstall existing clients before you install the new version.
btanExec ConsultantCommented:
kswan_expertAuthor Commented:
Thanks for the answers guys, appreciate it.

Arnold - we're on version 11.0.5002.333 and i'd not read that we need to upgrade to 11.07MP4a.   In the upgrade guides it states you can upgrade seamlessly from 11.x. Can you expand on this or post a link?

I was keeping and was at a level where it was an issue.
the setup also uses ms sql as the backend.

Out of abundance of caution when possible, bring the version as close to current before going to new major version.

When you run the installer, it will validate and will let you know if it can not proceed.
btanExec ConsultantCommented:
in case this help, I saw the migration paths for Symantec Endpoint Protection Manager (SEPM) 11.x to Symantec Endpoint Protection 12.1 enterprise edition here

e.g. Supported 11.0.5002.333 (RU5) -> 12.1.671.4971 (RTM) or higher

also for latest upgrade e.g. 12.1.4a  you should already know this link
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.