Hi, I would say option 2.
This is taken from the migration guide:
Decide which migration path to follow by considering the characteristics of your network or managed systems and your migration goals.
1.) Decide whether you need to migrate at all. Do you want to retain any current settings and assignments for your legacy products?
• No — Install Endpoint Security 10.1 without migrating. See the McAfee Endpoint Security Installation Guide for instructions.
• Yes — Use the Migration Assistant to migrate your settings before deploying Endpoint Security 10.1 to systems.
2.) If you do want to migrate your settings, decide whether to migrate automatically or manually.
• Automatic migration is a "hands-off" process. The Migration Assistant makes all the migration decisions "behind the scenes."
• Networks with fewer than 250 managed systems.
• Customers who use default policy settings or a minimum number of custom policies.
• Migrating the Host IPS Catalog.
• Manual migration is a "hands-on" process. You make most of the migration decisions by selecting the objects to migrate and editing their settings, if needed.
• Networks with more than 250 managed systems.
• Customers who use multiple custom policies.
• Customers who want to fine-tune existing policy settings during the migration process.
• Customers who want to fine-tune assignments.
• Customers who want to personally supervise and approve each step of the migration process.
Choosing a migration path:
• Requires minimal input from you.
• Migrates all the settings for each supported product. All of your policies and client tasks are migrated at the same time.
• Retains policy and client task assignments.
• Migrates the Host IPS Catalog.
• You can't select specific policies or client tasks to migrate.
• You can't edit policies or client tasks.
• Does not migrate unassigned policies.
• Lets you select each policy and client task to migrate.
• Lets you edit the settings for each policy or client task to migrate.
• Requires more input from you.
• Does not retain assignments. You need to assign policies and client tasks to managed systems.
• Does not migrate the Host IPS Catalog
Hope this helps! /Michael