Upgrading Legacy Clients

To see the supported upgrade paths, see the Release Notes for the Endpoint Security client version to which you want to upgrade. Legacy clients are those earlier than version E80. You must enter password information to upgrade legacy Secure Access and Full Disk Encryption.

Offline Upgrades

During an offline upgrade, the endpoint has no connection with the Endpoint Security Management Server. For this reason, the Preupgrade.exe package delivered to the client must contain:

• All the passwords necessary to successfully uninstall legacy products
• The new client with the necessary Software Blades and policies

Offline upgrades use the Preupgrade.exe file, which is automatically created in the same directory as the MSI package.

To create an offline upgrade package:

1. On the Deployment tab, select Packages for Export from the tree.
2. Click Add.

   A new package shows in the list.

3. Optional: Change the package Name and Version.
4. In the Settings column, select Support client preinstall upgrade.
5. Under Support client preinstall upgrade, make these selections as necessary:
   1. Silent Mode - Choose if silent mode is active. When active, the procedure tool runs silently without user intervention. If silent mode is not active, users can see the GUI of the Upgrade tool. If silent mode is active, select what happens after the upgrade:
      • Force restart after upgrade.
      • Prompt user to restart after upgrade.
   2. Secure Access upgrade - To enable a Secure Access upgrade you must enter the uninstallation password. Click on Legacy Secure Access upgrade not supported and select Configure Upgrade Password.

      In the Legacy Secure Access Upgrade window, select Support Legacy upgrade and enter and confirm the uninstallation password.

   3. Legacy Full Disk Encryption upgrade - To enable an upgrade from legacy Full Disk Encryption EW, you must enter the uninstallation password. Click on Legacy Full Disk Encryption EW upgrade not supported and select Configure Upgrade Password.

      In the Legacy Full Disk Encryption EW window, select Support Legacy upgrade and enter and confirm the uninstallation password.

6. Make sure the Software Blades in the Desktop Blades and Laptop Blades columns are correct.
7. Optional: In the Settings column, add a Virtual Group destination for the package. Click Do not export to Virtual Group and select New.
8. Select File > Save.
9. Select the package and click Export Package.
10. In the Export Package window:
    1. Select the platform versions (32/64 bit) to export for laptops and desktops.
    2. Enter or browse to a destination folder.
11. Click OK.

    The PreUpgrade.exe files are downloaded to the specified path.

12. Send the PreUpgrade.exe files to endpoint users. Endpoint users manually install the packages. They must use Administrator privileges.

    You can also use third party deployment software, a shared network path, email, or some other method.

To install the offline upgrade, users must:

1. Double-click Preupgrade.exe.
2. Follow the on-screen instructions to install the package.

Online Upgrades

During an online upgrade the endpoint has a connection to the server. When the initial client is installed, it connects to the server. The initial client uses the Common Client Settings that contains uninstall passwords for legacy products.

To create a package for an Online upgrade:

1. In the Policy tab >Client Settings section, and right-click Default installation and upgrade settings.
2. Click Edit Properties.

   The Installation window opens.

3. Click Legacy Client Uninstall Password.
4. Enter uninstall passwords for:
   • Legacy Secure Access
   • Legacy FDE EW
5. Click OK.
6. On the Deployment tab, select Packages for Export from the tree.
7. Click Add.
8. Add a package with Initial Client Only, with the version you require.
9. Click Export Package.
10. In the Export Package window:
    1. Select the platform versions (32/64 bit) to export for laptops and desktops.
    2. Enter or browse to a destination folder.
11. Click OK.

    The package EPS.msi files are downloaded to the specified path.

12. Send the EPS.msi to endpoint users. Endpoint users manually install the packages. They must use Administrator privileges.

    You can also use third party deployment software, a shared network path, email, or some other method.

After the EPS.msi is installed, you can add a package with Endpoint Security Software Blades. See Upgrading with Deployment Rules.

Upgrading Legacy Full Disk Encryption

To see the supported upgrade paths, see the Release Notes for the Endpoint Security client version to which you want to upgrade.

Before you upgrade, make sure that encryption or decryption are not running.

You do the upgrade using the standard Endpoint Security MSI packages, which can be run manually or through Endpoint Security software deployment.

During the upgrade:

• The client remains encrypted.
• All existing user and policy settings are discarded. Only partition keys are kept.
• Full Disk Encryption goes through the Deployment Phase

To upgrade a client package from Full Disk Encryption EW:

• If you know the Validation Password, do the procedure in Upgrading Clients.
• If you do not know the Validation Password, do the procedure below.

To upgrade a client package from Full Disk Encryption MI or from EW without the password:

1. In the existing MI or EW environment, create a user or user group with this name:

   _allow_upgrade_

   This user or group does not require permissions.

2. Update all of the Full Disk Encryption MI or EW clients with the new user or group.
   1. In the Full Disk Encryption MI or EW Management Console, go to the container that contains all clients.
   2. Right-click the object and select Properties.
   3. In Properties > Software tab, select Full Disk Encryption and click Properties.
   4. Expand User Group, right-click Users, and select Add Users.
   5. Browse to find the _allow_upgrade_ user and select Add to Selected Users.
   6. Click OK.
3. Make sure that all clients are connected to the server and receive the update after the next heartbeat.
4. Install a new Initial Client on the legacy client computers.

To upgrade a client package from Full Disk Encryption for Mac:

Do the procedure in Upgrading Clients.

What effect does an upgrade have on users?

• Users are instructed to use their Windows password for the first Pre-boot after the upgrade and deployment completes.
• The Pre-boot page looks slightly different.

Do not:

• Upgrade when the disk is not fully encrypted.
• Start another upgrade before a computer is fully protected with the first upgrade.
• Uninstall the upgrade before a computer is fully protected with the upgraded version.