Prepare Endpoint Protection clients for cloning


Article ID: 180552


Endpoint Protection




This document lists the best practices for cloning a Symantec Endpoint Protection (SEP) 14/14.2/14.3 client in either a physical or a virtual environment. If you do not follow these best practices, cloned Endpoint Protection clients will have duplicate identifiers, which causes management problems and inaccurate reporting.

These instructions are for Windows clients; for Macintosh clients, see Related Articles.

Prepare clients for cloning using ClientSideClonePrepTool

  1. Install the operating system, needed applications, and all relevant patches.
  2. Install the Endpoint Protection client and update with the latest available definitions.
    If you prepare a version 12.1.671.4971 client installed on Windows 7 or Server 2008, disable Tamper Protection before proceeding to step 3 to avoid the continual reboot of clients created from the prepared image. For more information, see Related Articles.
  3. In SEP 14.0 RU1 and above, turn off the Application Hardening feature for this client; otherwise, the clone prep utility might be blocked when Hardening Enforcement policies are applied.
  4. Run ClientSideClonePrepTool.exe. You must be logged on as a Windows administrator.

Note: For Windows 10 32-bit/64-bit, the ClientSideClonePrepTool.exe tool needs to be run with elevated privileges (e.g. "Run as administrator").

This tool removes all Symantec Endpoint Protection client identifiers and leaves the Symantec Endpoint Protection services stopped. Using this tool should be the last step in the image preparation process, before running Sysprep and/or shutting down the system. Shut down the system after running clone prep; do not restart. If the system or the Symantec Endpoint Protection client services are restarted, then new identifiers are generated and you must run the tool again before cloning.

Silently prepare clients for cloning using manual steps

The ClientSideClonePrepTool does not run silently, but you can script the following steps as a silent alternative. If you script these steps, you must disable Tamper Protection on the Symantec Endpoint Protection client.

  1. Run smc -stop.
  2. Delete all instances of sephwid.xml and communicator.dat on the file system. Possible locations:
    • C:\
    • C:\Program Files\Common Files\Symantec Shared\HWID\
    • C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\Config
    • C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\PersistedData\
    • C:\ProgramData\Symantec\Symantec Endpoint Protection\PersistedData\
    • C:\Users\All Users\Symantec\Symantec Endpoint Protection\PersistedData
    • C:\Windows\Temp\
    • C:\Documents and Settings\*\Local Settings\Temp\
    • C:\Users\*\AppData\Local\Temp\
  3. Delete the following registry values:
    • HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink\ForceHardwareKey
    • HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink\HardwareID
    • HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink\HostGUID

      Note: On 64-bit systems, these values were moved in Symantec Endpoint Protection 12.1 RU5 to HKLM\SOFTWARE\Wow6432Node
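
The manual steps above, scripted in PowerShell with a final check that fails the image build if any identifier survived. This is an added example, not a Symantec or Broadcom script; the `-SmcPath` parameter and the assumption that the Wow6432Node location keeps the same subkey path are not from this article.

```powershell
#Requires -RunAsAdministrator
# Added example: silent clone prep. Tamper Protection must already be disabled.
param(
    # Assumption: full path to smc.exe on this image (not stated in the article).
    [Parameter(Mandatory)][string]$SmcPath
)

# Step 1: smc -stop, waiting for the command to finish before touching files.
Start-Process -FilePath $SmcPath -ArgumentList '-stop' -Wait

# Step 2: identifier files and the locations listed in the article.
$names = 'sephwid.xml', 'communicator.dat'
$locations = @(
    'C:\'
    'C:\Program Files\Common Files\Symantec Shared\HWID\'
    'C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\Config'
    'C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\PersistedData\'
    'C:\ProgramData\Symantec\Symantec Endpoint Protection\PersistedData\'
    'C:\Users\All Users\Symantec\Symantec Endpoint Protection\PersistedData'
    'C:\Windows\Temp\'
    'C:\Documents and Settings\*\Local Settings\Temp\'
    'C:\Users\*\AppData\Local\Temp\'
)
$findFiles = {
    foreach ($loc in $locations) { foreach ($n in $names) {
        Get-ChildItem -Path (Join-Path $loc $n) -Force -ErrorAction SilentlyContinue
    } }
}
& $findFiles | Remove-Item -Force -ErrorAction SilentlyContinue

# Step 3: registry values. Assumption: the Wow6432Node copy uses the same subkey path.
$sub    = 'Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink'
$keys   = "HKLM:\SOFTWARE\$sub", "HKLM:\SOFTWARE\Wow6432Node\$sub"
$values = 'ForceHardwareKey', 'HardwareID', 'HostGUID'
foreach ($k in $keys) { foreach ($v in $values) {
    Remove-ItemProperty -Path $k -Name $v -Force -ErrorAction SilentlyContinue
} }

# Verify: anything left means clones would share identifiers, so fail the build.
$left = @(& $findFiles | ForEach-Object { $_.FullName })
foreach ($k in $keys) {
    $props = Get-ItemProperty -Path $k -ErrorAction SilentlyContinue
    foreach ($v in $values) {
        if ($props -and $props.PSObject.Properties[$v]) { $left += "$k\$v" }
    }
}
if ($left.Count) { $left | ForEach-Object { Write-Warning "Identifier remains: $_" }; exit 1 }
Write-Output 'Clone prep complete. Shut down the system; do not restart.'
```

Run it as the last step before Sysprep or shutdown, for the same reason given for ClientSideClonePrepTool: a restart of the system or the client services generates new identifiers.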


Additional Information

REFERENCE ID: 3629361, 4050441, 4177039, 4178242, 4177195, 4185146
