This article will provide information on how to install the Symantec Endpoint Encryption client MSI package (SEE Client).
This article also offers general guidelines about Deployment of the client.
The Symantec Endpoint Encryption Client (SEE Client) installation package is a standard MSI package. It can be installed simply by double-clicking the installation package or it can be installed using a command line.
Double-clicking is a manual effort and requires Administrative permissions.
This article is geared more towards mass deployment using tools such as Symantec IT Management Suite (ITMS/Altiris or other similar products).
Third-party Deployment Applications: The SEE Client can be deployed with any of the deployment solutions that can deploy MSI files.
There are no special steps needed to be taken but the general guidelines is to use the commands that are supported by MSFT installer.
When in doubt, reach out to Symantec Encryption Support for further guidance.
Scenario 1: Basic installation command for the SEE Client:
msiexec /i "SEE Client_x64.msi"
This will show the user the UI for applicable options and the installation progress bar.
Result: The installation option above can be used for "net-new" installations as well as upgrades of the client.
Scenario 2: Basic installation command for the SEE Client, but logging the installation process to a file:
msiexec /i "SEE Client_x64.msi" /l*vx "C:\logs\SEE_Installation.log"
As you can see in the command above, there is an option "/l*vx", this is to output the installation log file somewhere on the machine to be reviewed post installation. This is an option we recommend, but can be omitted. If omitted, the installation log file will automatically be saved to %tmp% on the profile running the installation.
If you are running as SYSTEM or remote installation, we do recommend using this command so you know the file will be saved to a specific location.
Result: The installation option above can be used for "net-new" installations as well as upgrades and will output the process to a log file.
Scenario 3: Advanced installation command for the SEE Client, logging the installation process to a file, as well as suppressing the UI:
msiexec /i "SEE Client_x64.msi" /qn /l*vx "C:\logs\SEE_Installation.log"
Result: The installation option above can be used for "net-new" installations as well as upgrades without showing the UI to the current logged on user and will log the installation process to a log file.
The user will be prompted to reboot the machine.
Scenario 4: Everything included in Scenario 3, but adding in a "/norestart" option so the machine can continue to be used without rebooting:
msiexec /i "SEE Client_x64.msi" /qn /norestart /l*vx "C:\logs\SEE_Installation.log"
Result: The installation option above can be used for "net-new" installations as well as upgrades without showing the UI to the user and suppressing the reboot. The result will be logged to an installation file.
Intune Deployment Software
Intune Deployment software can also be used to deploy the SEE Client. In order to deploy, the following conditions should be met:
*The machine's partitions should be clean to ensure no previously-encrypted partitions cause issues.
If the system was previously encrypted, using Diskpart's "
clean" command is an effective way to clean drives before installing.
*Before introducing the SEE Client into the Intune imaging process, first test and ensure your general image is working.
Before installing the SEE Client, perform one reboot of the system to ensure everything is working.
*The machine in question has the "MSFT UEFI CA" Option is set to allow Third-party Bootloaders.
See article 266204 for more information on this topic.
*All the supported MSIEXEC installation options are supported and are able to be used with Intune to install the SEE Client.
Once the SEE Client is installed, rebooting is recommended shortly after, and before any other major updates to the system.
Important Note on /norestart: This is useful if you are deploying the SEE Client to machines in the environment during the work day and you want to allow your end users to continue using their machine. However, it is important that the machine be rebooted within roughly 8 hours, the shorter the better. We recommend building in a timer so that once the installation is complete, pop a message to the user stating the system will reboot in X hours. It is also important that the system be rebooted prior to performing any other maintenance on the system, such as Windows updates, or other security software.
It is recommended that when you deploy the SEE installation, it is the only installation process deployed to system to ensure the installation does not interfere with other options.
Important Note on Repairs: If you are trying to do a "Repair" of a system, it is important to address this situation carefully. Installing the same version and build of the SEE client over the top of the same version and build is not supported.
During these "Repair" situations, reach out to Symantec Encryption Support for further guidance. Under no circumstances should "reinstallmode=vemus" be used.
Keywords: Installation of the SEE Client
install SEE Client