After installing Endpoint Security on a client, it moves automatically to a group syncd from an On-Premises Endpoint Protection Manager
book
Article ID: 174314
calendar_today
Updated On:
Products
Endpoint ProtectionEndpoint Security for ServersEndpoint Security CompleteEndpoint Security
Issue/Introduction
If a Symantec Endpoint Security (formerly Endpoint Protection 15) client is installed on a device which was previously sync'd to the Cloud Portal through a cloud-enrolled Symantec Endpoint Protection Manager (SEPM), it will automatically move to the group it was previously in. This can even happen if the SEP 14.1/14.2 client is uninstalled before deploying Endpoint Security to it. Below is a sample sequence of events.
Install On-Premise 14.1/14.2 SEPM and deploy clients to a group called "Test_Group"
Enroll SEPM with the cloud portal and let everything sync
Uninstall the SEP 14.1/14.2 client from the device
In the Cloud portal, deploy a package: Devices -> Installation Package -> Direct Installation package (Default group), then export the package and install
After installation completes, the Endpoint Security client will move to the "Test_Group" instead of the Default group
Resolution
There are two methods to avoid this scenario:
Do an inplace upgrade of the SEP 14.2 client to Endpoint Security (formerly SEP 15).
Delete the device through the SEPM, let the deletion event sync with the Cloud Portal, then proceed with the Endpoint Security deployment after uninstalling the existing client.