Endpoint Protection

Regarding migrating from SAV to SEP - I am ready to migrate our SAV 10.1.7 environment to SEP 11.0.6 MP3. My test migration in our VM environment went fine even though I did not disable scheduled scans, LiveUpdate, Tamper Protection, etc. But that was only with 3 clients.

Now that I am about to do this on our production SEPM server, I want to make sure I follow the instructions to the letter. My question is, do I need to keep everything turned off for the duration of the migration, or just when SEP is migrating the groups & settings over from my SAV box?

I will be ugrading the machines by department, probably no more than 15 clients at a time, so I have concerns about leaving everything disabled for the duration. It won't all happen in one day. We will do a department & see if there are any issues, then continue, probably one dept a day.

If I must leave the settings mentioned above disabled for the clients I'm migarting, can I create a group on my SAV server called "Migration" that has all of the above turned off and keep my existing groups as is and move the computers I'm migrating into the "Migration" group?

Thanks for any input!

just disable it during the migration time thats enough...third option is good, you can later move them to the respective groups only the installation is successful..

P.S: I never disabled those settings our install went out fine :)

The reason for disabling those options is that they will persist in a SEP environment although you will be unable to configure them. This is most noticable with scans, as you can have rtvscan scanning the machine due to a left over SAV scan, yet not have any indication in the GUI that a scan is taking place (and nowhere to configure it).

You can temporarly disable those settings, upgrade a group, then re-enable the settings on the SAV server.

Thomas, based on  your response, I logged onto one of my test clients to see if Rtvscan was running. It was. I then searched for the file and found that the version is 11.0.6300.541. If this is leftover from the previous version as you mentioned, why does the version match my version of SEP? Or am I misunderstanding your response?

I'm attaching a screenshot for reference.

its not a left over its a new one..

RTVSCAN is the main scanning engine, this wil run even if u disable scan, coz file system autoprotect will also run under rtvscan.exe

Sorry let me clarify that a bit. 

Scans are kept in the registry, in SEP, they are stored in a different location than they were in SAV. Rtvscan (which is the process that actually scans the files), will look in the registry for when it needs to start a scan (and what type of scan, etc). Rtvscan will check both the SAV scan location and the SEP scan location, and if it finds a scheduled scan then it will start. 

The GUI on the other hand doesn't look at the SAV registry location for scans, so it doesn't update for any of the SAV scans that may exist, even though Rtvscan may have found a SAV scan setting and is currently scanning.

Thanks for the clarification. I'm not really concerned about dupliacte scans running. One of my groups currently runs scans every Friday at 12:00 pm and another group runs its scans Thursday night at 10 pm. It will be the same in SEP, so I don't see how this could be a problem. I've had no issues with my test boxes, so it seems like nothing to worry about, but thanks for the heads up!

You have to disable nothing , trust me, It will run smooth :)

Hello,

I have suggested the below Steps for Migration from SAV 10 To SEP 11 (Normally, Customers would like to Install SEPM on either the same Server where the Symantec System Center is Installed OR on Different server computer)

1) Install Symantec Endpoint Protection Manager,

2) Create new SEP 11 packages for new Deploy on all the other machines.

3) Deploy the packages to all SAV 10 client machines, which will migrate all the clients to SEP (this could be done either with the help of "Migration and Deployment Wizard" OR "Find Unmanaged Computers"

Till the time the migration is over, the clients which haven't migrated from SAV 10 will communicate to Symantec System Center 10.

4) Once all the machines have been migrated from SAV 10 to SEP 11

(Except on the same server machine where the Symantec System Center 10 is installed, as SEP will not get installed till Symantec System Center 10, SCS 3.1 is uninstalled.),

5) Uninstall Symantec System Center 10, SCS 3.1 on the server

6) Install SEP on the same machine where the Symantec System Center 10 was uninstalled.

Symantec Knowledgebase Articles for Migration.

1) How To Migrate From Symantec Antivirus System Center Console To Symantec Endpoint Protection Manager

http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/eda2ac3faa9a31b0882574f90001484e?OpenDocument

2) Obtaining an upgrade or update for Symantec Endpoint Protection 11.x or Symantec Network Access Control 11.x
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007121216494948?Open&docid=2007121216360648&nsf=ent-security.nsf&view=docid

3) 'Installing and configuring Symantec Endpoint Protection 11 for the first time'
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007082915561148?Open&src=w

4) Creating custom Client Installation packages in the Symantec Endpoint Protection Manager Console
http://service1.symantec.com/support/ent-security.nsf/854fa02b4f5013678825731a007d06af/c741ec26fa674b1e8825738a0076abf3?OpenDocument

5) How to Deploy Symantec Endpoint Protection to your client computers using the Migration and Deployment Wizard.
http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2007111409432848