Endpoint Protection

  • 1.  Install packages for client groups via API

    Posted 10-20-2021 03:20 PM
    Hi folks! I'm looking for a way to automatize the installation of packages for different client groups (I have to deal with a LOT of them) on SEPM 14.
    For every specific group, I have to choose a different package and, as you may imagine, the whole process is time consuming.

    Is there a way to do this programmatically using SEPM's APIs? I have searched through the API docs (https://MYSERVER:8446/sepm/restapidocs.html), but I did not find anything interesting.
    In this forum, I have already found this thread but unfortunately the links provided in the second message are not available anymore (they refer to the docs in the old Symantec website).

    Do you have any ideas?

  • 2.  RE: Install packages for client groups via API
    Best Answer

    Broadcom Employee
    Posted 10-22-2021 06:23 PM

    without using API you can modify the group where your client will enrol in SEPM by modifying the sylink.xml  RegisterClient PrefferedGroup in the package in MSI format. (not the exe).

    <?xml version="1.0" encoding="UTF-8" standalone="no"?>
    <ServerSettings DomainId="671FC2090A0A02154BF21CFFAEF43FBD">
    <RegisterClient PreferredGroup="My Company\Default Group" PreferredMode="1"/>
    <AgentCommunicationSetting AlwaysConnect="1" CommunicationMode="PUSH" Kcs="5AD1D67B4FAA0EF850BAAD166A27EE99" PushHeartbeatSeconds="300"/>
    <ServerList FreezeSmsList="0" Name="Default Management Server List for My Site">
    <ServerPriorityBlock Name="List0">
    <Server Address="" HttpsPort="443" Protocol="HTTPS" SigningAlgorithm="1" VerifySignatures="1"/>
    <Server Address="SRV01" HttpsPort="443" Protocol="HTTPS" SigningAlgorithm="1" VerifySignatures="1"/>

    If you need a script to gather the group structure and provide with a choice for the user, then yes you could use PowerShell and API such as:
    /Api/v1/Groups Symantec | API Console

    Unfortunately I do not have the sample scripts, but I hope this can get you started.
    Hope this helps.

  • 3.  RE: Install packages for client groups via API

    Posted 10-25-2021 04:19 AM
    Thank you! It seems very interesting.

    Is there an equivalent manifest file, to edit like that, for Mac and Linux installers too?

  • 4.  RE: Install packages for client groups via API

    Broadcom Employee
    Posted 10-25-2021 06:14 AM

    The SEP for linux is a binary executable which downloads the client, so it is not possible before the installation.
    You could deploy the clients in the Default group and then move them from the SEPM console.

    For the Mac Client you can modify the sylink.xml in the install package contained in the Additional Resources Folder.

    Hope this helps.

    Martial RICHARD
    Endpoint Security
    Sr. Technical Field Enablement Consultant