Upgrading Endpoint Security Clients

This section includes procedure for upgrading endpoint clients:

You can upgrade to E8X.x clients from earlier versions of E8X.x clients with these requirements:

• You must upgrade both the Initial Client and the Endpoint Security Component Package at the same time. You cannot upgrade the Initial Client by itself.

• During the upgrade you cannot remove the Full Disk Encryption A component on Endpoint Security Windows clients. This component combines Pre-boot protection, boot authentication, and strong encryption to make sure that only authorized users are given access to information stored on desktops and laptops. Acronym: FDE. component.

• You can change all other components and all component configuration settings.

Client upgrade workflow:

1. Make sure that the clients are connected to an Endpoint Security Management Server A Security Management Server that manages your Endpoint Security environment. Includes the Endpoint Security policy management and databases. It communicates with endpoint clients to update their components, policies, and protection data. of the higher version.

2. Get a complete package with Initial Client and the Endpoint Security Component Package. Get this from the Deployment tab in one of these ways:

   • Download a package from the Packages for Export window.

   • In the Software Deployment Rules window, right-click in a rule Set of traffic parameters and other conditions in a Rule Base (Security Policy) that cause specified actions to be taken for a communication session. and select Download Package. This includes the Initial Client and Endpoint Security component package.

3. Deploy the package.

Upgrading with Deployment Rules

The Client Settings Policy controls if users can postpone an upgrade installation or if the upgrade is installed on clients immediately. You can configure the settings in the Client Settings Policy. Edit the Default installation and upgrade settings.

To upgrade clients with Deployment Assignments:

1. In the Deployment tab, select a rule and change its Endpoint Client Version in the Client Version column.

   All computers are assigned to that Policy rule will be upgraded.

2. Optional: Change who the rule applies to in the Applies To column.

3. Select File > Save or click the Save icon.

4. Select File > Install Policies or click the Install Policies icon.

5. The Endpoint Agent on each assigned client downloads the new package. The client installation starts based on the settings in the Client Settings policy rule. You can configure:

   • If the Client Settings policy forces installation and automatically restarts without user notification.

   • If the Endpoint Agent sends a message to the user that an installation is ready and gives the user a chance to postpone the installation or save work and install immediately.

6. The Endpoint Agent installs the new client.

   If the user does not click Install now, installation starts automatically after a timeout.

7. After installation, the Endpoint Agent may reboot the computer.

Upgrading with an Exported Package

Upgrade a client to a new package that includes the same components as it has now. Add and remove components after the upgraded package is installed.

To upgrade clients with an exported package:

1. In the Deployment tab, go to Packages for Export.

2. select a package and click Upgrade Profile.

   A message opens that shows if an update is available.

3. Click Yes to confirm that you want to upgrade the profile.

4. In the Export Package window:

   1. For dynamic packages, Any CPU is selected. For MSI packages, select the platforms (32-Bit and/or 64 bit) to export for laptops and desktops.

   2. Enter or browse to a destination folder.

5. Click OK.

   The package files are downloaded to the specified path. A different folder is automatically created for each option selected in step 4a. When using Dynamic Package, the exported package is a self extracting executable (*.EXE). By default, the filename is EPS.exe. For other types of package, the name of the package is EPS.msi and/or PreUpgrade.exe..

6. Send the package files to endpoint users. Endpoint users manually install the packages. They must use Administrator privileges.

   You can also use third party deployment software, a shared network path, email, or some other method.

Gradual Upgrade

To upgrade more gradually, you can create a new deployment profile and distribute it only to specified computers.

Note - For an exported package, save the new package in a different location than the previous package

When you are prepared to upgrade all clients, upgrade all deployment profiles.