Migrating to the latest version

Checklist for migrating from Symantec Intruder Alert

System Protection authoring environment (and eventually conditionally applied to your Symantec Critical System Protection agents).

See “Migrating legacy detection policy files” on page 111.

The policy conversion process automatically migrates your existing Symantec Intruder Alert registry and event log settings, but you will need to manually reenter any custom files under observation into the file lists in the following policies:

Host_IDS_File_Tampering policy

Template_FileWatch policy

Your own custom file-watching policy

The following features of the Symantec Intruder Alert agent are not supported in Symantec Critical System Protection:

SNMP, email, and pager alerts (SNMP and email alerts can be configured in the Symantec Critical System Protection management console, whereas pager alerts are no longer supported)

Global flags

Logging to files on other agents

Shared actions

C2 and Process Accounting collectors

Plan how to migrate your Symantec Intruder Alert agents to Symantec Critical System Protection.

As previously noted, you cannot migrate Symantec Intruder Alert agents that run on client platforms not supported by Symantec Critical System Protection. You should record the policy settings for each group of agents (and each ungrouped agent), noting the stock policies and the custom policies that are applied. You should be able to find equivalent Symantec Critical System Protection policies for the Symantec Intruder Alert stock policies that you applied.

Uninstall the Symantec Intruder Alert agent, and install the Symantec Critical System Protection agent on each client to be migrated. You should have pre-configured your Symantec Critical System Protection groups using the Symantec Critical System Protection management console, placing the appropriate stock and custom policies in each group and configuring the policy option settings.

If you were performing event forwarding in Symantec Intruder Alert, you may be able to configure the Symantec Critical System Protection database to do this for you.
