If you want, I can:
Upgrading from Symantec Endpoint Protection (SEP) 14.2 to 14.3 is a multi-step process that requires updating the management server before the client machines. 1. Preparation and Backup
Before starting, ensure your environment is ready to prevent data loss or downtime: Back up the Database: Symantec Database Backup and Restore tool to create a fresh backup of your SEPM database. Check System Requirements:
Version 14.3 may have different OS or hardware requirements. Verify them on the Broadcom TechDocs Turn off Replication:
If you have multiple management servers, disable replication before starting the upgrade. 2. Upgrade the Symantec Endpoint Protection Manager (SEPM)
The management console must always be at a version equal to or higher than the clients. Download the Installer: Obtain the 14.3 installation files from the Broadcom Support Portal Run Setup.exe:
Choose "Install Symantec Endpoint Protection Manager" from the splash screen. Upgrade Wizard:
The installer will detect your 14.2 version and offer to upgrade. Follow the prompts. Management Server Configuration Wizard:
After the files are installed, this wizard will run automatically to update the database schema. Ensure it finishes successfully before moving to the next step. 3. Upgrade the SEP Clients
Once the server is on 14.3, you can push the update to your endpoints. Auto-Upgrade: In the SEPM console, go to Clients > [Group Name] > Policies > Client Upgrade Settings
. Check the box for "Enforce client upgrade to version" and select the 14.3 package. Manual Export: If you prefer manual installation, go to Admin > Install Packages
, export the 14.3 client, and run it on the target machines. 4. Post-Upgrade Verification Check Client Status: SEPM Dashboard to confirm that clients are reporting back as version 14.3. Update Policies:
If you notice communication issues, right-click the SEP icon on a client and select Update Policy to force a refresh. Broadcom TechDocs Do you need help troubleshooting
a specific error encountered during the database migration or client deployment?
Updating security policies on the Windows client - Broadcom TechDocs
Upgrading Symantec Endpoint Protection (SEP) from version 14.2 to 14.3 involves a sequential process where you must update the management server before the client software. 1. Pre-Upgrade Checklist
Before starting, ensure your environment meets the necessary requirements to prevent installation failure:
System Backup: Perform a full backup of the database, logs, and recovery files found in %Symantec\Symantec Endpoint Protection Manager\data\backup. Verify System Requirements:
Server (SEPM): Minimum 2 GB RAM (8 GB recommended) and at least 5 GB of free disk space.
Client (SEP): Support varies by build. Note that 14.3 RU6 and later no longer support 32-bit Windows operating systems.
Stop Services: Manually stop the Symantec Endpoint Protection Manager (SEPM) service on all management servers in your site. 2. Upgrading the Management Server (SEPM)
Do not uninstall your existing version; the installer will update the current installation.
Obtain the Installer: Download the latest 14.3 RU (Release Update) from the Broadcom Support Portal.
Handle Replication: If you have multiple sites, stop replication by right-clicking the site in the console and choosing "Cancel Replication" before upgrading.
Run Installation: Execute the Symantec_Endpoint_Protection_14.3.x_SEPM_EN.exe file. The server services will automatically restart once the process is complete. 3. Upgrading the Clients
Once the SEPM is upgraded, you can push the new client software to your endpoints using several methods:
Upgrading from Symantec Endpoint Protection (SEP) 14.2 to 14.3 is a critical transition that introduces modern security features, including enhanced Endpoint Detection and Response (EDR) capabilities and support for newer operating systems like Windows 11 and Apple M-series chips. Pre-Upgrade Checklist
Before starting the upgrade, ensure your environment meets the system requirements for SEP 14.3 to avoid installation failures: symantec endpoint protection upgrade 14.2 to 14.3
Memory: The Symantec Endpoint Protection Manager (SEPM) requires a minimum of 2 GB RAM, though 8 GB is strongly recommended.
Storage: A minimum of 40 GB of available disk space is required if the SQL database is local; 100 GB is recommended for larger environments.
Database: Ensure your Microsoft SQL Server version is compatible. Version 14.3 RU5 and later may require specific configurations for encrypted communication.
Backups: Always perform a full backup of your SEPM database and configuration settings before initiating an upgrade. Step-by-Step Upgrade Process 1. Upgrade Symantec Endpoint Protection Manager (SEPM)
The management server must always be upgraded before the clients.
Stop Services: For versions 14.3 RU8 or earlier, you must manually stop the SEPM service on all sites before installation to prevent file locking.
Manage Replication: If using multiple management servers, cancel any active replication tasks.
Run Installer: Launch the 14.3 installation package as an administrator. The wizard will handle database schema upgrades and import new client packages.
Verification: After the wizard completes, log into the console to verify that the version now reflects 14.3. 2. Upgrade SEP Clients
Once the server is stable, you can deploy the new agent to endpoints using several methods:
AutoUpgrade: This is the most efficient method for most environments. You assign the 14.3 package to specific client groups in the SEPM console, and the clients will automatically update according to your schedule.
Client Deployment Wizard: Use this tool to create custom installation packages that can be pushed remotely or distributed via web links.
Staggered Rollout: Use the Client Upgrade policy to schedule updates over multiple days to minimize network congestion. Key Improvements in version 14.3
Upgrading Symantec Endpoint Protection (SEP) from version 14.2 to 14.3 involves a sequential process, requiring the management server (SEPM) to be upgraded before client agents, often via an "over-install" method. Critical pre-upgrade steps include backing up the database, checking system requirements (8 GB RAM recommended), and disabling replication. For comprehensive upgrade documentation, visit Broadcom TechDocs. Upgrade Symantec Endpoint Protection Manager 14.x
Upgrading from Symantec Endpoint Protection (SEP) 14.2 to 14.3 is an in-place process that requires careful preparation of the management server before rolling out client updates. Phase 1: Pre-Upgrade Preparation
Before starting the installer, ensure your environment meets the new 14.3 requirements. System Requirements
: 14.3 RU9 and earlier support Windows Server 2012/2012 R2, while later versions require Windows Server 2016, 2019, 2022, or 2025. Database Health Back up your SEPM database, logs, and recovery files. If using a local SQL Server database, ensure at least of available disk space (200 GB recommended). Stop Replication
: If you have multiple management servers, cancel replication between sites before starting. Disable 3rd-Party Software
: Do not perform third-party installations (like OS updates) simultaneously with the SEP upgrade. Broadcom TechDocs Phase 2: Upgrading the Management Server (SEPM) The SEPM must always be upgraded before the clients. Stop Services : Manually stop the Symantec Endpoint Protection Manager API Service Web Server services on all management servers in your site. Run Installer : Run the 14.3 setup.exe as an Administrator. Upgrade Wizard
The wizard will automatically upgrade the database schema and import new client packages (Windows, Mac, and Linux).
You can choose to run LiveUpdate during the upgrade or skip it to save time. Verification
: Log into the SEPM console to verify the version is now 14.3. Services should restart automatically after completion. Phase 3: Upgrading the Clients Once the server is stable, use AutoUpgrade to update your endpoints.
Upgrading from Symantec Endpoint Protection (SEP) 14.2 to 14.3 involves a specific sequence: upgrading the management server (SEPM) first, followed by the client agents. Pre-Upgrade Checklist
Before starting, ensure your environment meets the updated requirements for version 14.3:
System Requirements: SEPM 14.3 requires a minimum of 2 GB RAM (8 GB recommended), especially if SQL Server is on the same machine.
Operating System: Ensure support for your OS. For example, 14.3 RU8 and later drop support for 32-bit operating systems.
Backups: Perform a full disaster recovery backup of your database and SEPM settings. If you want, I can:
Replication: If you use multiple management servers, manually stop replication before beginning. Upgrade Steps for SEPM
Smooth Transition: Upgrading Symantec Endpoint Protection (SEP) 14.2 to 14.3
Upgrading your security infrastructure can be daunting, but moving from Symantec Endpoint Protection (SEP) 14.2 to the 14.3 release is a significant step toward modernizing your defense. Version 14.3 introduces critical enhancements like Antimalware Scan Interface (AMSI) integration and support for newer operating systems like Windows Server 2022 and SQL Server 2019.
Here is a streamlined guide to ensure your upgrade is successful and your endpoints remain protected. Why Upgrade to 14.3?
Before diving into the "how," here’s why the "why" matters:
AMSI Support: Protection against dynamic script-based malware (PowerShell, JavaScript).
Broader OS Support: Full compatibility with newer Windows 10/11 builds and Linux distributions like Ubuntu 18.04 and RHEL 8.
Infrastructure Improvements: The management server (SEPM) now supports Java 11, improving performance and security for the console. Pre-Upgrade Checklist
Don't hit "Install" just yet. Follow these Best Practices to avoid common pitfalls:
Backup Everything: Perform a full VM snapshot and use the SEPM database backup tool located in the %Symantec%...\\data\\backup folder.
Stop Replication: If you have multiple SEPM sites, cancel replication before starting the upgrade.
Check Requirements: Ensure your server has the Visual C++ 2017 redistributable (a prerequisite for 14.3) and enough disk space for the new database schema.
Pause Services: Manually stop the three main SEPM services (Manager, API Service, and Web Server) and any syslog services that might lock files. Step-by-Step Upgrade Process 1. Upgrade the Management Server (SEPM)
Download the 14.3 package from the Broadcom TechDocs portal.
Run the setup as an Administrator. The wizard will handle the database schema migration automatically.
Tip: Skip the "LiveUpdate" during installation to save time; you can run it once the console is back up. 2. Re-enable Services and Replication
Once the installer finishes, the management services should start automatically. Log in to the console to verify the version has updated, then re-enable any replication partners you paused earlier.
Comprehensive Guide to Upgrading Symantec Endpoint Protection from 14.2 to 14.3
Upgrading Symantec Endpoint Protection (SEP) from version 14.2 to 14.3 is a critical move for maintaining enterprise security. This upgrade introduces significant enhancements, including Antimalware Scan Interface (AMSI) integration and expanded support for modern operating systems like Windows 10 version 2004. This guide provides a detailed walkthrough of the upgrade process, following industry-standard best practices. Why Upgrade to SEP 14.3?
Transitioning to 14.3 offers more than just bug fixes; it delivers a robust leap in protection technology:
Security Enhancements: Integration with Windows AMSI allows for deeper scanning of script-based threats.
Performance Improvements: Optimized parsing technology for common attack vectors like Office files, PDFs, and task scheduler XML.
Modern Support: Native support for Java 11, SQL Server 2019, and broader Linux distributions including Ubuntu 18.04 and RHEL 8.
WSS Integration: Enhanced web application support via WSS PAC file redirection for custom proxy configurations. Phase 1: Pre-Upgrade Requirements and Planning
Before starting the installation, ensure your environment meets the minimum technical specifications for the management server (SEPM) and clients. 1. System Requirements for SEPM 14.3
Memory: Minimum of 8 GB RAM is recommended, especially if Microsoft SQL Server is hosted on the same machine.
Storage: At least 40 GB of available disk space (200 GB recommended for local SQL databases). Upgrading from Symantec Endpoint Protection (SEP) 14
Operating System: Supports Windows Server 2012, 2016, 2019, and 2022 (starting from RU3).
Dependency: Windows Server 2012 R2 requires the Visual C++ 2017 redistributable as a prerequisite. 2. Preparation Checklist
Backup: Perform a full backup of the SEPM database, logs, and recovery files.
Pause Replication: If you have multiple SEPM sites, stop the replication process before initiating the upgrade.
Third-Party Conflicts: Avoid running third-party software installations simultaneously, as they may interfere with system-level changes.
Phase 2: Upgrading Symantec Endpoint Protection Manager (SEPM)
The upgrade process for the management server is an "over-install," meaning it preserves existing settings while updating the core application.
Upgrading the Symantec Endpoint Protection Manager (SEPM) from 14.2 to 14.3 is generally straightforward, but it requires more prep work than previous "point" updates.
Database Schema: 14.3 introduces significant database schema changes. Depending on your log size, the upgrade process can take longer than usual.
Java Requirements: 14.3 often requires an update to the underlying Java Runtime Environment (JRE), which the installer typically handles, but it can trigger unexpected service restarts.
Backward Compatibility: One of the strongest points is that 14.3 SEPM remains highly compatible with 14.2 (and even older) clients, allowing for a staged rollout of the agent software. 2. Performance and Footprint
The "Lean Client" architecture introduced in later versions of 14.2 is fully realized in 14.3.
Reduced Definitions: 14.3 utilizes advanced cloud-based lookup. Instead of downloading massive virus definition files to every endpoint, the client is significantly smaller, which is a lifesaver for remote users on limited bandwidth.
Memory Usage: The agent's idle memory consumption remains low, but the real improvement is in the disk space footprint, which is roughly 60–70% smaller than the classic 14.2 full installation. 3. Key Feature Enhancements
The leap to 14.3 is less about "new buttons" and more about "new intelligence":
SES Integration: 14.3 acts as the bridge to Symantec’s cloud console. Even if you stay on-premises, the hooks for hybrid management are much more robust.
WSS Integration: Integration with Symantec Web Security Service (WSS) is much tighter, allowing for better protection against web-based threats directly at the endpoint level.
Enhanced Linux Support: 14.3 finally brought a more modern approach to Linux protection, moving away from the cumbersome kernel-level drivers that often caused system crashes during OS updates. 4. The Challenges
Cloud Pressure: Broadcom (which now owns Symantec) is pushing heavily toward the cloud. If you are a purely "air-gapped" or on-premises purist, you may find the 14.3 interface and documentation nudging you toward cloud features you might not want.
Licensing Complexity: Following the Broadcom acquisition, the licensing portal and credentialing for updates can be a hurdle during the initial upgrade phase if your account isn't fully migrated. Final Verdict
The upgrade from 14.2 to 14.3 is highly recommended, specifically for the reduced endpoint footprint and the modernized Linux agent. While the core antivirus engine remains the gold standard, the move to 14.3 is essentially about future-proofing your environment for a hybrid-cloud world. It stabilizes many of the "experimental" lean features of 14.2 into a production-ready suite.
Cause: The SEPM system account lacks rights, or the remote client has no admin share. Fix: Use the "Client Deployment Wizard" to specify a domain admin account. Alternatively, switch to the Logon Script or Email deployment method instead of push.
A failed upgrade is usually due to skipped prerequisites. Do not proceed until you have verified the following:
Upgrading from 14.2 to 14.3 is a practical step that sharpens protection, tightens control, and reduces operational friction. Below is a concise, energetic narrative that walks through why the upgrade matters, what to expect, and practical, battle-tested tips to make the migration smooth.
Cause: SQL Server Browser disabled or TCP/IP protocols off. Fix: Enable SQL Browser service. Open SQL Server Configuration Manager -> SQL Server Network Configuration -> Protocols for SEPM -> Enable TCP/IP. Restart SQL Server service.
Upgrade SEPM before upgrading clients.
| Activity | Duration | |----------|----------| | Pre-upgrade backup & health check | 2–4 hours | | SEPM upgrade | 30–60 minutes | | Client upgrade (phased) | 3–10 days (depending on scale) | | Post-validation & testing | 1–2 days | | Total project | 1–2 weeks |