Tag Archives: Symantec

How to move Symantec Endpoint Protection Manager to Another Server

I recently had to move a Symantec Endpoint Protection Manager to another server, meaning one with a different IP address and host name.

Your reasons for needing to move Symantec Endpoint Protection Manager to another server are your own, but either way, here is how I did it.

Looking around the web, you'd find that there are two ways of going about this.

  1. Replication method
  2. Backup-restore method

Out of the two, the replication method seemed to make more sense, and looked the easiest to get done.

In summary what we need to do is:

  1. Install SEPM on a new server
  2. Configure it for replication with the first site
  3. Change the priorities of the management servers to reflect that this new server is of higher priority, or simply assign all groups to this new server.
  4. Uninstall the old SEPM

Here is how you do that, step by step:

  1. First install Symantec Endpoint Protection Manager on a new server
  2. When you get to the Management Server Configuration Wizard panel, choose the Advanced configuration type, then select how many computers will be managed by this server
  3. Choose to Install an additional site. This is the only option that will install a Management Server and a database for replication.
  4. In the Server Information panel, accept or change the default values and then click Next
  5. In the Site Information panel, accept or change the name in the Site Name box and then click Next. The Site Name cannot be the same as what you have on your other SEPM.
  6. In the Replication Information panel, type values in the following boxes:
    Replication Server Name (The Name or IP address of the old Symantec Endpoint Protection Manager)
    Replication Server Port (The default is 8443)
    Administrator Name (The Username used to log on to the old console)
    Password (The password used to log on to the old console.)
  7. Click Next
  8. In the Certificate Warning dialog box, click Yes
  9. In the Database Server Choice panel, select either the Embedded database or the Microsoft SQL Server, irrespective of what you have on your old server, and click Next to complete the installation.
  10. Log in to the new Symantec Endpoint Protection Manager (SEPM) and ensure that all the clients and policies have migrated successfully
  11. Click Policies
  12. Click Policy Components
  13. Click Management Server Lists.
  14. Select the Default Management Server List for ‘NEW SEPM’
  15. Click Assign the List
  16. Select all the locations and groups, then click Assign to replace the existing Management Server List that points to the old server with the new one.
  17. Wait for all the clients to reflect this change and connect to the new server. You can go through the log entries, or look at the Clients tab of the new SEPM: a computer icon with a green dot marks the clients connected to it, and a computer icon with a red arrow marks the clients still connected to the other server. After the successful migration, I let this configuration run for a few days before carrying out the following steps.
  18. Uninstall the old Symantec Endpoint Protection Manager (SEPM)
  19. Log in to the new SEPM and delete the old SEPM server from the Replication partners list and the Remote Sites
  20. Under the Management Server Lists Policy Component, Delete the Default Management Server List for ‘OLD SEPM’

The original of the above steps can be found at:
http://www.symantec.com/connect/forums/move-sepm-console-one-server-another

I’ve edited the above based on my experience to hopefully bring in a little bit of clarity.

This worked for me perfectly and I hope it works for you too. However, it's advisable to first read Best Practices for Disaster Recovery with Symantec Endpoint Protection and be prepared for the worst.
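
Step 6 has you type the old console's administrator credentials for a connection to port 8443, and step 8 has you click Yes on a Certificate Warning. The script below is an added example (not from the original post and not Symantec's tooling) that reads the certificate the old server presents on that port and compares its SHA-256 fingerprint with one you recorded on the old server itself; the host name and the expected fingerprint are placeholders, and it assumes the warning is about a certificate the new server does not already trust.

```powershell
# Added example: not part of the original post and not Symantec's tooling.
# Run on the NEW server before the Replication Information panel (step 6).
param(
    [string]$OldSepm = 'old-sepm.example.internal',  # placeholder host name
    [int]$Port = 8443,                               # default replication port from step 6
    [string]$ExpectedSha256 = ''                     # fingerprint read out of band on the old server
)

function Get-RemoteCertInfo {
    param([string]$HostName, [int]$Port, [int]$TimeoutMs = 5000)
    $tcp = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $tcp.BeginConnect($HostName, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs)) {
            throw "No TCP connection to ${HostName}:$Port within $TimeoutMs ms"
        }
        $tcp.EndConnect($pending)
        # Trust decisions are deliberately deferred: the callback accepts any
        # certificate so it can be read, and the fingerprint is compared below.
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $ssl = New-Object System.Net.Security.SslStream($tcp.GetStream(), $false, $acceptAll)
        try {
            $ssl.AuthenticateAsClient($HostName)
            $cert = New-Object System.Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
            $sha = [System.Security.Cryptography.SHA256]::Create()
            $hex = [System.BitConverter]::ToString($sha.ComputeHash($cert.RawData)) -replace '-', ''
            [pscustomobject]@{ Subject = $cert.Subject; NotAfter = $cert.NotAfter; Sha256 = $hex }
        } finally { $ssl.Dispose() }
    } finally { $tcp.Close() }
}

function Test-Fingerprint {
    param([string]$Expected, [string]$Actual)
    # Accept "AA:BB:..", "aa bb .." or plain hex; require a full SHA-256 value.
    $want = ($Expected -replace '[:\s-]', '').ToUpperInvariant()
    if ($want -notmatch '^[0-9A-F]{64}$') { throw 'ExpectedSha256 must be 64 hex digits' }
    return $want -eq $Actual.ToUpperInvariant()
}

$info = Get-RemoteCertInfo -HostName $OldSepm -Port $Port
$info | Format-List
if (Test-Fingerprint -Expected $ExpectedSha256 -Actual $info.Sha256) {
    Write-Host 'Fingerprint matches the value recorded on the old SEPM.'
} else {
    Write-Warning 'Fingerprint mismatch: do not enter the console credentials or click Yes.'
    exit 1
}
```

Take the expected fingerprint from the certificate on the old server directly, not from the output of this script, otherwise the comparison proves nothing.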

Symantec Client Security and Symantec AntiVirus Elevation of Privilege

Here's a nasty little problem with Symantec AntiVirus Corporate Edition: in theory, if you don't patch, the antivirus itself can be exploited to run apps on your system.

Symantec was notified that Symantec Client Security and Symantec AntiVirus Corporate Edition are susceptible to a potential stack overflow. Exploiting this overflow successfully could potentially cause a system crash, or allow a remote or local attacker to execute arbitrary code with System level rights on the affected system.

What's interesting is that if you have a firewall enabled, it shouldn't be able to get through unless you open the remote administration port (TCP 2967).

SYM06-010 – Symantec Client Security and Symantec AntiVirus Elevation of Privilege