You need to know the steps and tools / utilities required to prepare Symantec Endpoint Protection (SEP) clients for cloning or composing a VDI golden image.

This document lists the best practices for cloning a SEP 14/14.2/14.3.x client in either a physical, or virtual, environment. If you do not follow these best practices, then cloned Endpoint Protection clients will have duplicate identifiers, which will result in problems with management and inaccuracies in reporting.

NOTE: For 14.3 RU6+, this tool has been replaced by the SMC -Image command. See RU6 section below.

Prepare clients for cloning using smc.exe (14.3 RU6 and above)

1. Install the operating system, needed applications, and all relevant patches
2. Install the Endpoint Protection client and update with the latest available definitions
3. Open a command using Run as Administrator and run the following: start smc -image

For Symantec Endpoint Security (SES) clients, see Installing Symantec Agent on a client device without automatically enrolling it.

These instructions are for Windows clients; for Macintosh clients, see Deploying Endpoint Protection for Mac as part of a drive image for cloning.

Prepare clients for cloning using ClientSideClonePrepTool (14.3 RU5 and Below)

1. Install the operating system, needed applications, and all relevant patches
2. Install the Endpoint Protection client and update with the latest available definitions
3. Download and extract the tool for your client version: 14.3 RU4 and below - ClientSideClonePrepTool.zip; 14.3 RU5 - 1658944830786__ClientSideClonePrepTool_14_3_5.zip
4. In SEP 14.0 RU1 and above, turn off the Application Hardening feature for this client, otherwise the clone prep tool might be blocked when Hardening Enforcement policies are applied
5. Disable Tamper Protection or create a Tamper Protection Exception for the complete tool path: e.g. C:\TEMP\ClientSideClonePrepTool.exe
6. Run ClientSideClonePrepTool.exe (You must be logged on as a Windows administrator.)

Note: For Windows 10 32-bit/64-bit, the ClientSideClonePrepTool.exe tool needs to be run with elevated privileges (e.g. "Run as administrator").

This tool removes all Symantec Endpoint Protection client identifiers and leaves the Symantec Endpoint Protection services stopped. Using this tool should be the last step in the image preparation process, before running Sysprep and/or shutting down the system. Shut down the system after running clone prep; do not restart. If the system or the Symantec Endpoint Protection client services are restarted, then new identifiers are generated and you must run the tool again before cloning.

Silently prepare clients for cloning using manual steps

The ClientSideClonePrepTool does not run silently, but you can script the following steps as a silent alternative. If you script these steps, you must disable Tamper Protection on the Symantec Endpoint Protection client.

1. Run smc -stop
2. Delete all instances of sephwid.xml and communicator.dat on the file system. Possible locations:
   • C:\
   • C:\Program Files\Common Files\Symantec Shared\HWID\
   • C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\Config
   • C:\Documents and Settings\All Users\Application Data\Symantec\Symantec Endpoint Protection\PersistedData\
   • C:\ProgramData\Symantec\Symantec Endpoint Protection\PersistedData\
   • C:\Users\All Users\Symantec\Symantec Endpoint Protection\PersistedData
   • C:\Windows\Temp\
   • C:\Documents and Settings\*\Local Settings\Temp\
   • C:\Users\*\AppData\Local\Temp\
3. Delete the following registry values:
   • HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink\ForceHardwareKey
   • HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink\HardwareID
   • HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink\HostGUID

NOTE: In supported versions prior to 14.3 RU5 these values on 64-bit systems have been moved to HKLM\SOFTWARE\Wow6432Node.
14.3 RU5 and higher will use the above keys as it is a native 64-bit client.
NOTE: Tamper protection will need to be disabled in policy to edit and clear these values.

Note: Disable Tamper Protection when using smc -image.