Beginning in Symantec Endpoint Protection Manager (SEPM) 12.1.2015.2015 it is possible to export a division of the SEPM database called a Domain. The resulting DAT file contains the group structure and all custom policies and assignment thereof. This information, along with a recovery file from the SEPM's Server Private Key Backup folder, allows you to rebuild the entire SEPM environment from about 1 MB of data, useful for a light-weight Disaster Recovery (DR) method. This export excludes any previous client install package versions (see note), historical log data and any definition content such as: AV (Virus and Spyware), IPS (Intrusion Prevention) and SONAR (Proactive Threat Protection), as these would be stored in a database backup. For disaster recovery with a full database backup, see: TECH160736.
Important: The recovery must be performed on the same version of SEPM from which the Domain Export was collected. Domain Exports from version 12.1.x are not supported on 14.x, nor are exports between minor versions within one of those families.
If the recovery version is lower than 12.1 RU6 MP10 (12.1.7445.7000) or 14 RU1 MP1 (14.0.3876.1100), an upgrade after DR is recommended for best security. (See: https://support.symantec.com/en_US/security-advisory.html for all known security issues.)
Note: Please remove any assigned install packages from groups prior to exporting the domain as this may cause issues adding new packages in the future.
This documentation is divided into two parts:
Note: AD sync settings and some administrator accounts may not be present in a Domain Export.