Symantec Endpoint Protection (SEP) supports Windows ARM64 devices
, but only through specific management methods. As of version 14.3 RU7,
on-premises Symantec Endpoint Protection Manager (SEPM) does not support ARM64 devices Compatibility & Management
To secure ARM64 devices like the Microsoft Surface Pro X, you must use one of the following methods: Cloud-Managed (Symantec Endpoint Security): Symantec Security Cloud console to manage the agent on ARM64 hardware. Unmanaged (Self-Managed):
You can install an unmanaged package from the "Full_Installation" download of SEP. Key Features for ARM64
While some features vary by platform, ARM64 agents typically include: Multilayered Protection: AI-driven detection, behavioral analysis, and Adaptive Protection Performance:
A lightweight agent designed to minimize impact on system productivity. Modern Support: symantec endpoint protection arm64 work
Explicit support for ARM-based processors like the Apple M1, M2, and M3 series (for macOS) and Windows 10/11 ARM devices. Implementation Steps
Symantec Endpoint Protection ARM64 Support and Implementation
Symantec Endpoint Protection (SEP) and Symantec Endpoint Security (SES) have evolved to support the ARM64 architecture
, primarily focusing on Windows on ARM devices (such as the Microsoft Surface Pro X and Surface Pro 9) and Apple silicon (M1, M2, M3, and M4 processors). 1. Core Architecture Support
Broadcom introduced official support for Windows ARM devices starting with Symantec Endpoint Protection 14.3 RU7 Windows on ARM
: Support is available for Windows 11 GA builds (21H2, 22H2, and later) on Qualcomm Snapdragon ARM processors. Apple Silicon “Driver not loaded” errors
: Support for macOS on ARM (Apple M-series) began earlier, with M1 support in 14.3 RU2 and subsequent updates for M2 (RU5) and M3 (RU8). 2. Management and Deployment Requirements
A critical distinction in ARM64 support is the management infrastructure. No On-Premises SEPM Support
: The on-premises Symantec Endpoint Protection Manager (SEPM) manage ARM64 devices directly. Management Options Cloud-Managed : Devices must be managed via the Symantec Endpoint Security (SES) cloud console (Integrated Cyber Defense Manager - ICDm).
: You can use "self-managed" or unmanaged installation packages for standalone protection. 3. Feature Availability for Windows ARM
While the ARM64 agent provides core security, some legacy or specialized features are not supported on this architecture. Supported Features Unsupported Features Antimalware & Malware Protection Application Control Behavioral Analysis & Adaptive Protection Custom Application Behavior Firewall & Intrusion Prevention (IPS) Web and Cloud Access Protection Endpoint Detection and Response (EDR) Exploit Protection (Legacy) Host Integrity Threat Defense for Active Directory Memory Exploit Mitigation Granular Device Control (Allow/Deny only) 4. Implementation Steps
To deploy Symantec to an ARM64 environment, follow these requirements: Obtain Correct Package : Download the specific Windows ARM architecture This is rare, but check if Secure Boot is enabled
installer from the SES cloud console or the "Full_Installation" download of SEP for unmanaged use. Environment Check
: Ensure the target device is running a compatible Windows 11 ARM build or a supported macOS version. : If moving from on-premises, use SEP 14.3 RU5 build 8282 or later as the bridge version for migration to the cloud console. or help navigating the SES Cloud Console to generate these ARM64 packages?
Here’s a helpful, practical post for anyone looking to get Symantec Endpoint Protection (SEP) working on ARM64 (e.g., Surface Pro X, Macs with Apple Silicon running Windows 11 ARM, or other ARM64 Windows devices).
To push to ARM64 clients via the SEPM console:
If you must deploy SEP on ARM64 (e.g., for compliance), apply these measures:
If you are planning a deployment or troubleshooting existing ARM64 issues, consider the following: