Upgrade Symantec Endpoint Protection Manager 14.x

This post is to record the steps I took to upgrade my SEPM servers from 14.2.0 RU1 to 14.2.2 MP1.

In 14.2.0 version, there are multiple vulnerabilities found relating to that version:
SYMSA1505 (https://support.symantec.com/us/en/article.SYMSA1505.html)

14.2.2 MP1 actually fixed those issues.

14.2.2 also has another vulnerability found and it can be fixed by 14.3.

As to upgrade process, Symantec has an upgrade documentation for it.

https://techdocs.broadcom.com/content/broadcom/techdocs/us/en/symantec-security-software/endpoint-security-and-management/endpoint-protection/all/upgrading-to-a-new-release-v14510472-d27e6.html

Backup and Download Software

If it is vm, take a snapshot. else you will need follow the guide to do a system backup.

Download the latest version of Symantec software

Upgrading Steps

1. stop replications

Cancel replication by right clieck site bcp-sepm01 or main-sepm01

cancel it on both servers.

not required to delete partner


2. Stop the Symantec Endpoint Protection Manager (SEPM) service (3 services)
Stop any Syslog services or similar running on the SEPM that could potentially lock SEPM files or folders and cause the upgrade to fail.

Before you upgrade, you must manually stop the Symantec Endpoint Protection Manager service on every management server in your site. After you upgrade, the management server automatically starts the service.

3. Start installation of new SEPM

either one can go first.


No need to start the SEPM services manually. It will be started automatically.


4. start replication from both servers.

5. Upgrade Clients
Distribute upgrades over 0 days
Upgrade schedule can be controlled


YouTube Video:

References:

• Upgrade or migrate to Endpoint Protection 14.2.x
• Upgrade best practices for Endpoint Protection 14.x