How do I replace SEPM equipment in a side by side way with EDR?

book

Article ID: 223045

calendar_today

Updated On:

Products

Advanced Threat Protection Platform

Issue/Introduction

I have a Symantec Endpoint Protection Manager (SEPM) + Symantec Endpoint Protection and Response (SEDR) installed and I need to change SEPM equipment.

Which is the right way ?

 

Environment

Release :

Component :

Resolution

High level strategy for side by side migration of SEPM tied to SEDR:

  1. Create a SEPM partner replicator then move clients to the new partner replicator
  2. In EDR, Settings> Global, add and configure new SEPM Controller connection. Be sure to add a single test client group. Failure to do so will cause EDR to send policies to ALL client groups.
  3. Remove old SEPM controller connection.
  4. Within SEPM Controller connection, Add Client Groups one at a time until you gain confidence, then bulk add client groups tp finish enrolling workstations. Depending on the speed of communications between SEPM and SEP clients, it may take up to 24 hours for all targeted SEP clients to get the policy telling them to enroll. Usually, it only takes an hour for the clients to receive the policy in small SEP environments.

Additional Information

Q: EDR information has been duplicated...
...the number of enrolled clients has doubled.

A: This is a temporary symptom. When you remove the original SEPM Controller connection, the duplicates will disappear across the course of 4 days.