Search
Careers
Search

Arm64 Work | Symantec Endpoint Protection

Support for Apple Silicon was a major milestone for Symantec, as the architecture shift happened rapidly.

To answer the original query: Symantec Endpoint Protection ARM64 does "work," but only in the sense of functional emulation.

If your enterprise is standardizing on Windows on ARM, you have a decision to make: accept the performance tax of running SEP under emulation, or migrate to a security stack that has already invested in native ARM64 development (e.g., Microsoft Defender, CrowdStrike, or SentinelOne).

For now, monitor Broadcom’s release notes for SEP 14.3 RU9 or SEP 15.1. The moment you see "Added native Windows on ARM64 (WoA) support" in bold letters, you will know the waiting game is over. Until then, proceed with caution, test rigorously on a pilot group, and always keep a lightweight, native fallback option available.

Need to verify your specific environment? Use the sysinfo command on your ARM64 device and cross-reference the build number with Broadcom’s official "SEP Client Compatibility Matrix" (updated quarterly). Do not assume later builds automatically support ARM64—always check the release notes for the phrase "Windows 11 ARM64."

Symantec Endpoint Protection (SEP) provides native support for ARM64 architecture on both Windows and macOS, though there are specific management and feature limitations to note as of early 2026. Windows on ARM64 Support

SEP is compatible with ARM64-based devices running Windows 11 (builds 21H2, 22H2, and later). Broadcom support portal Management Requirements : ARM64 devices cannot be managed by an on-premises Symantec Endpoint Protection Manager (SEPM) . Instead, you must use: Symantec Endpoint Security (SES) Cloud Console

: Full cloud management for ARM64 agents (version 14.3 or later). : Standalone installations are also supported. Feature Limitations

: While most core protections are active, several advanced features are currently unsupported on Windows ARM64: Custom Application Behavior Threat Defense for Active Directory (AD) Web and Cloud Access Protection Exploit Protection Application Control Legacy Browser Protection (for older IE/Firefox versions) Broadcom support portal macOS ARM64 (Apple Silicon) Support

Broadcom provides native support for Apple’s M-series chips through the Symantec Agent for Mac. Broadcom support portal Minimum Supported Version SEP 14.3 RU2 or later SEP 14.3 RU5 or later SEP 14.3 RU8 or later Apple M4 / M5 SEP 14.3 RU9 or later Key Capabilities symantec endpoint protection arm64 work

: Recent versions for macOS (14.3 RU1+) include behavioral analysis to identify unknown threats and full visibility via the Integrated Cyber Defense Manager (ICDm) cloud console. Deployment Note

: Users must manually authorize the Symantec kernel extension in System Settings > Privacy & Security after installation for the agent to function fully. Broadcom support portal Performance and Known Issues Cloud Management

: For all ARM64 deployments, Broadcom recommends the cloud-only management approach to reduce infrastructure overhead and ensure unified threat visibility across modern hardware. VNC Connectivity

: A known issue exists where screen sharing or VNC connectivity may be lost on macOS 11.4 and 12 (ARM) if Vulnerability Protections are toggled. General Performance

: While older versions of SEP were criticized for high resource usage, recent ARM64 native agents are optimized for the architecture's power efficiency and multi-core performance. Broadcom TechDocs specific hardware requirements

for the cloud-managed agent on your preferred operating system? Known Issues in Symantec Endpoint Security

Symantec Endpoint Protection (SEP) now provides robust support for ARM64 architecture, specifically catering to the growing use of Windows on ARM devices and Linux-based ARM servers. This expansion ensures that organizations can maintain high security standards across a diverse hardware fleet, including Microsoft Surface Pro models and AWS Graviton instances. Compatibility and Management Requirements

Support for ARM64 is available starting with SEP 14.3 RU7. However, there are specific management constraints:

Management Options: ARM64 support is limited to cloud-managed clients (via Symantec Endpoint Security/SES) or unmanaged (self-managed) clients. Support for Apple Silicon was a major milestone

On-Premises Limitation: Currently, the on-premises Symantec Endpoint Protection Manager (SEPM) cannot manage ARM64 devices directly.

Operating Systems: Supported environments include Windows 11 GA builds (21H2, 22H2) and various Linux distributions such as RHEL 8/9 ARM64 and Amazon Linux 2023. Feature Support and Limitations

While the ARM64 client offers comprehensive protection, certain legacy and advanced features are not supported on this architecture:

Supported Features: Core antivirus, firewall, and intrusion prevention policies. Unsupported Features: Custom Application Behavior. Threat Defense for Active Directory (AD). Exploit Protection and Application Control.

Legacy browser protection for Internet Explorer or Firefox-based browsers. Installation on Windows ARM64

To deploy SEP on a Windows ARM64 device, such as a Surface Pro 9 (5G), users must download the specific architecture package:

Cloud-Managed: Select the Windows ARM architecture option when generating the installation package from the Broadcom Cloud Management console.

Unmanaged: Use the Full_Installation download of SEP to locate the unmanaged ARM package.

Dependencies: The Microsoft Visual C++ 2022 Redistributable is required for first-time ARM64 agent installations. ARM64 Support for Linux If your enterprise is standardizing on Windows on

Symantec has recently extended its Linux agent support to include ARM64 (aarch64) architectures.

Linux Distributions: Support includes Amazon Linux 2023, RHEL 8/9, and Ubuntu.

Deployment: Administrators can use the seplpkg tool to create installable packages for specific ARM64 Linux platforms.

Historically, ARM processors were confined to smartphones, tablets, and Raspberry Pis. That changed with Apple’s transition away from Intel in 2020. Today, Windows-on-ARM devices (like the Lenovo ThinkPad X13s and Microsoft Surface Pro 9 5G) are becoming common in enterprise settings. Simultaneously, Linux ARM64 servers are proliferating in cloud data centers due to their superior price-to-performance ratio.

For a security admin, this creates a fragmented landscape:

If your organization standardizes on Symantec Endpoint Protection (SEP), you cannot simply copy the .exe or .dmg from your x86 repository. You need a specific ARM64-native workflow.

For decades, the cybersecurity industry has been dominated by the x86 and x64 architectures. Most endpoint protection platforms (EPPs), including Symantec Endpoint Protection (SEP), were engineered to run on Intel and AMD processors. However, the computing landscape is shifting dramatically. With the rise of energy-efficient, high-performance ARM64 (also known as AArch64) processors—championed by Apple’s M-series chips, Qualcomm’s Snapdragon X Elite, Amazon’s Graviton, and various IoT devices—security teams now face a critical question: How well does Symantec Endpoint Protection work on ARM64?

The short answer is that Broadcom (the current owner of Symantec) has made significant strides, but "making it work" still requires careful planning, the right version, and an understanding of where native support ends and emulation begins.

This article provides a comprehensive guide to deploying, managing, and troubleshooting Symantec Endpoint Protection in an ARM64 environment.