Recently I was required to reinstall the current version of Symantec Endpoint our organisation is running (12.1.6) but with extra features from when the initial install was configured. We were wanting to add 'Proactive Threat Protection' and also 'Network Threat Protection'.
The issue with this is that 1.) Symantec did not like an update pushing from a remote source (SCCM server) and 2.) SCCM thought the software was already installed as it had the same product ID.
To get around this I had to create a task sequence with a couple of steps.
Step 1:
- Setup a command line in the task sequence to run the following commands and make sure you tick "continue on error" on these steps.
* CMD /C "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\smc.exe" -stop
* CMD /C "C:\Program Files\Symantec\Symantec Endpoint Protection\smc.exe" -stop
Step 2:
- Create an application in SCCM with the same sep64.msi install but call it something different. In the Deployment Types screen go into the Detection Method tab. In here I modified the MSI Product Code by just changing the last characters so it didn't think it was the same version of the application. Once this is done add it into the task sequence and again make sure you tick "continue on error" otherwise you will get a failed report back when it did update. Open Symantec Endpoint on the client and you should see the new features are now enabled.
I did also try creating a batch file pointing straight to the msi file and this seemed to update properly however I don't really like using this method and prefer using the msi/exe files wherever possible as it makes future updates and roll outs easier.
The issue with this is that 1.) Symantec did not like an update pushing from a remote source (SCCM server) and 2.) SCCM thought the software was already installed as it had the same product ID.
To get around this I had to create a task sequence with a couple of steps.
Step 1:
- Setup a command line in the task sequence to run the following commands and make sure you tick "continue on error" on these steps.
* CMD /C "C:\Program Files (x86)\Symantec\Symantec Endpoint Protection\smc.exe" -stop
* CMD /C "C:\Program Files\Symantec\Symantec Endpoint Protection\smc.exe" -stop
Step 2:
- Create an application in SCCM with the same sep64.msi install but call it something different. In the Deployment Types screen go into the Detection Method tab. In here I modified the MSI Product Code by just changing the last characters so it didn't think it was the same version of the application. Once this is done add it into the task sequence and again make sure you tick "continue on error" otherwise you will get a failed report back when it did update. Open Symantec Endpoint on the client and you should see the new features are now enabled.
I did also try creating a batch file pointing straight to the msi file and this seemed to update properly however I don't really like using this method and prefer using the msi/exe files wherever possible as it makes future updates and roll outs easier.
Comments
Post a Comment