How to install Symantec Endpoint Protection Manager(SEPM)
Symantec Endpoint Protection(SEP) is a client-server solution that protects laptops, desktops, and servers in your network against malware, risks, and vulnerabilities.
According to the 2023 Gartner report, Broadcom(Symantec) is categorized as a Niche Player in the Endpoint Protection Platforms domain.
The Symantec Endpoint Protection architecture uses three functional groups of components.
- Symantec Endpoint Protection Manager:Symantec Endpoint Protection Manager is a management server that manages events, policies, and client registration for the client computers that connect to your company’s network.
- Symantec Endpoint Protection Client:The client provides the security protection part of the solution. It downloads policies and sometimes content from the Symantec Endpoint Protection Manager and runs on Windows, Mac, and Linux.
Installing Symantec Endpoint Protection Manager(SEPM)
The current version of Symantec Endpoint Protection must conform to these system requirements.
Software System Requirements
Operating System:
- Windows Server 2012
- Windows Server 2012 R2
- Windows Server 2016
- Windows Server 2019
- Windows Server 2022 (14.3 RU3 and later)
Database:
The Symantec Endpoint Protection Manager includes a default database
- Microsoft SQL Server Express 2014
- Microsoft SQL Server Express 2017
- Sybase embedded database(14.3 MP.x and earlier only)
Hardware System Requirements
- Processor:Intel Pentium Dual-Core or equivalent minimum, 8-core or greater recommended.
- Physical RAM:2 GB RAM available minimum; 8 GB or more available recommended.
- Hard Drive:40 GB available minimum(200 GB recommended) for the management server with a local database.
If you downloaded the product, extract the entire installation file to a physical disk. Run Setup.exe from the physical disk.
Review the sequence of installation events, and then click Next to begin.
In the License Agreement panel, click I accept the terms in the license agreement, and then click Next.
In the Destination Folder panel, accept the default destination folder or specify another destination folder, and then click Next.
Click Install.
After the initial installation completes, you configure the server and database. Click Next.
With the Default configuration for new installation selected, click Next.
The default configuration automatically installs the default database, Microsoft SQL Server Express (as of 14.3 RU1). Version 14.3 MPx and earlier installs the embedded database as the default database.
You may instead choose to use a database from one of the following versions of Microsoft SQL Server:
- SQL Server 2012 RTM — SP4(14.3 RU5 and earlier)
- SQL Server 2014 RTM — SP3
- SQL Server 2016 SP1, SP2
- SQL Server 2017 RTM
- SQL Server 2019 RTM(14.3 and later)
- SQL Server 2022(14.3 RU6 and later)
Enter company name, a password for the default administrator admin, and an email address. Once you verify that you receive the test email, click Next.
You can also add the optional Partner Information, if a partner manages your Symantec licenses, and then click Next.
Indicate whether you want Symantec to receive pseudonymous data, and then click Next to begin the database creation.
When the database creation completes, click Finish to complete the Symantec Endpoint Protection Manager configuration.
The Symantec Endpoint Protection Manager console logon screen appears if you leave the option checked to launch Symantec Endpoint Protection Manager.
Once you log on, you can begin client deployment.
Symantec Endpoint Protection Manager Web Console
The Web Console lets you remotely manage Symantec Endpoint Protection in a browser window.
https://your_sepm_host:8443/console/apps/sepm
You may receive a certificate warning when you access the Web Console.
For more information, see How to install the certificate for Endpoint Protection Manager Web Console access.
Client Deployment Wizard
After you install Symantec Endpoint Protection Manager, you install the Symantec Endpoint Protection client with the Client Deployment Wizard.
Client installation methods
- Save Package:This installation option creates an executable installation package that you save on the management server and then distribute to the client computers.
- Remote Push:Remote push installation pushes the client software to the computers that you specify. The installation begins automatically on the client computers.
- Web Link and Email:Users receive an email message that contains a link to download and install the client software.
Installing Symantec Endpoint Protection clients with Save Package
If you have a small number of clients, use the Save Package method to deploy and install the installation package on the clients.
Click Help > Getting Started Page and then under Required tasks, click Install the client software on your computers.
In the Client Deployment Wizard, do one of the following tasks:
- New Package Deployment:Save Package only installs a new installation package.
- Communication Update Package Deployment:If you want to update Windows or Mac client communication settings on the computers that already have the Symantec Endpoint Protection client installed.
Click New Package Deployment, and then click Next.
Make selections from the available options, which vary depending on the installation package type, and then click Next.
Click Save Package, and then click Next.
Click Browse and specify the folder to receive the package.
For new Windows packages, check Single .exe file(default) or Separate files(required for .MSI). Use Single .exe file unless you require separate files for a third-party deployment program.
Click Next.
Review the settings summary, click Next.
Click Finish.
Save Package creates the installation packages that you can install manually, with third-party deployment software, or with a login script.
Provide the exported package to the computer users.
Installing Symantec Endpoint Protection(SEP)
When you upgrade or install Symantec Endpoint Protection 14.3 RU8 and later, the client user may see the following error message:
Symantec Endpoint Protection can only be installed on systems with Azure Code Signing support. You must install the appropriate Windows security update for this system.
This message appears because the Symantec Endpoint Protection installer detects that the computer does not run a version of Microsoft Windows that supports Microsoft Azure Code Signing.
What is Microsoft Azure Code Signing and why is Symantec adopting it?
Microsoft helps developers use their toolsets to build and distribute applications securely by using Azure Code Signing.
ACS establishes the identity of the publisher of an application and the integrity that it has not been modified since publication. Microsoft requires security vendors to sign binaries using ACS.
Windows operating systems with ACS support
Support for Azure Code Signing was made available in the operating system versions starting with the releases listed in the following table.
To install Symantec Endpoint Protection on Windows Server 2016, download and install the KB5028169 security update from the Microsoft Update Catalog.
Run the Save Package Setup.exe.
Confirm that the client installation succeeded and that clients communicate with Symantec Endpoint Protection Manager.
In the console, click Home. The Total Endpoints in the Endpoint Status have already increased.
In the console, click Clients. In the Name column, look for the clients with a green icon that indicates a succeeded installation.
Thank you for your attention. See you next time!
