We are in the process of deploying SCCM 2012 R2 with EP to our environment.  The server is up and running, and we have both clients deployed out to our initial batch of test clients.  However, during the deployment we encountered errors when deploying the Endpoint protection.  The issue is that we are using Symantec Endpoint Protection version 12, which SCEP is not supported to uninstall.  My solution is to import both anti-virus clients into SCCM Applications.  Then set the SCEP application to supersede the Symantec client, forcing the removal of the Symantec client using the uninstall string provided by Symantec's msi, when we push the SCEP client.  I have imported the Symantec msi's into SCCM, but I need some guidance on importing the System Center EP msi.  I located the install in: Program Files\Microsoft Configuration Manager\Client, however the install is in EXE format not MSI, preventing me from using the benefits of using applications. So I have the following questions:

1. Where can I get the MSI version of the install, will it install both the x64 and x86, or will it be 2 separate MSI's?
2. Assuming I can get the MSI, are there any special commands needed when I launch the install?
3. Is this the correct course of action? or if I can not get the MSIs is there another way I can remove SEP 12 and then install SCEP?

Mark

First of all, your all applications do not need to be .MSI -packages if you want to deploy them, they can be any commandline that can be executed silently (for example .exe, .vbs, .ps1, .cmd, .bat...). What you're trying to do is a good way, you configure the SCEP application and configure it to supersede your SEP12. After that you deploy SCEP, it will uninstall the SEP12 and install itself and your good to go.

Here are some links that provide good info for you:

http://www.css-security.com/blog/how-to-perform-a-manual-fep-client-installation/

http://blogs.technet.com/b/configmgrteam/archive/2012/04/12/operating-system-deployment-and-endpoint-protection-client-installation.aspx

According to those the correct installation string for your SCEP Application would be: "scepinstall.exe /s /q"  note that there are several other switches which you can use, but with that you should simply install the SCEP.

• Proposed as answer by narcoticoo 16 hours 12 minutes ago

Hi,

There is no .MSI for System Center 2012 Endpoint protection, the .exe file has both the x86 and the x64 setup wrapped so you can use the SCEPinstall.exe to install it on both x86 and x64 systems. You can use an .exe file with the application model you only have to create the application using the option to manually specify the information for the application, after that add a deployment type and then you can add a Script Installer type and there you can run SCEPinstall.exe /q /s to install it. Then you can superseed the Symantec Endpoint protection with System Center 2012 Endpoint Protection.

Other options would be to use a custom Task Sequence to first uninstall the Symantec Endpoint Protection and then install SCEP.

Regards,
Jrgen

@Narcoticoo @JasonSandys

Thanks of the response, I did not know that you could use an EXE in an application, as it does not list that as an option when using the Create Application Wizard, I will give that a try.

Now on deploying SCEPInstall.exe, it states to use the policy xml, I am assuming that since I am already using SCCM to manage the SCEP client, I wouldn't need to use or modify this policy xml file?  Since once the SEP client is installed, and the SCCM client checks in with the server, it will pull the anti-malware policy and the needed virus defintions.

Side note, is there a way I can script a command to execute a Machine policy update, once the SCEP is installed, so I don't have to wait 60 minutes for the client to check in again?

For the machine policy updates you could install right-click tool addition to your ConfigMgr console so that you can use that to update your policies.

http://psrightclicktools.codeplex.com/releases/view/117899