Symantec Endpoint Protection Arm64 Work Guide
When moving SEP to ARM64 architectures, there are specific technical nuances compared to traditional x86 deployments.
| Feature | x86 (Intel/AMD) | ARM64 (Apple Silicon / WinARM) | Notes |
| :--- | :--- | :--- | :--- |
| Real-Time Scanning | Kernel Level (Kext/Driver) | System Extension / User Mode | On ARM, scanning is triggered by OS callbacks, which introduces a negligible microsecond latency compared to kernel hooking. |
| Intrusion Prevention (IPS) | Deep Kernel Inspection | Limited / Signature Based | Kernel-level packet inspection is restricted on ARM. IPS relies more heavily on signature matching and network extension APIs. |
| Tamper Protection | Kernel Lockdown | System Integrity Protection (SIP) / ELAM | Tamper protection on ARM is enforced by the OS vendor's security posture (e.g., macOS SIP) combined with SEP's user-mode protection. |
| Firewall | NDIS Drivers | Network Extensions | Network filtering is abstracted one level higher than the kernel. |
To understand ARM64 support, you must distinguish between the legacy product and the modern product:
While SEP works, it is not optimized. Security software is uniquely sensitive to emulation overhead.
Broadcom released native ARM64 support for the Symantec Endpoint Security (SES) Windows agent starting with version 14.3 R2 (specifically build 2931 and later).
What "Native" Means:
Broadcom (owner of Symantec) has been publicly quiet about native Windows on ARM64. However, industry trends force their hand.
Historically, ARM processors were confined to smartphones, tablets, and Raspberry Pis. That changed with Apple’s transition away from Intel in 2020. Today, Windows-on-ARM devices (like the Lenovo ThinkPad X13s and Microsoft Surface Pro 9 5G) are becoming common in enterprise settings. Simultaneously, Linux ARM64 servers are proliferating in cloud data centers due to their superior price-to-performance ratio.
For a security admin, this creates a fragmented landscape:
If your organization standardizes on Symantec Endpoint Protection (SEP), you cannot simply copy the .exe or .dmg from your x86 repository. You need a specific ARM64-native workflow.
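One way to check a package before it is pushed to ARM64 endpoints is to read the architecture declared in its executable header. The following is an added example, not Broadcom tooling and not part of the original guide; it handles PE executables and Mach-O binaries (not .dmg containers, and a bootstrapper .exe may carry payloads for other architectures), and all sample bytes are constructed.

```python
import struct

# Machine / cputype values from the PE and Mach-O header formats.
PE_MACHINES = {0x014C: "x86", 0x8664: "x64", 0xAA64: "arm64"}
MACHO_CPUS = {0x00000007: "x86", 0x01000007: "x64", 0x0100000C: "arm64"}


def binary_archs(data: bytes) -> set:
    """Return the CPU architectures declared in a PE or Mach-O header."""
    if data[:2] == b"MZ" and len(data) >= 0x40:
        (pe_off,) = struct.unpack_from("<I", data, 0x3C)  # e_lfanew
        if data[pe_off:pe_off + 4] != b"PE\0\0" or len(data) < pe_off + 6:
            return set()  # DOS stub only, or truncated file
        (machine,) = struct.unpack_from("<H", data, pe_off + 4)
        return {PE_MACHINES.get(machine, hex(machine))}
    if data[:4] == b"\xcf\xfa\xed\xfe" and len(data) >= 8:  # thin 64-bit Mach-O
        (cpu,) = struct.unpack_from("<I", data, 4)
        return {MACHO_CPUS.get(cpu, hex(cpu))}
    if data[:4] == b"\xca\xfe\xba\xbe" and len(data) >= 8:  # universal (fat) Mach-O
        (count,) = struct.unpack_from(">I", data, 4)
        if count > 16 or len(data) < 8 + 20 * count:  # also rejects Java .class
            return set()
        return {MACHO_CPUS.get(struct.unpack_from(">I", data, 8 + 20 * i)[0], "other")
                for i in range(count)}
    return set()  # not a recognised executable header


def needs_emulation(data: bytes) -> bool:
    """True when the header declares code but none of it is arm64."""
    archs = binary_archs(data)
    return bool(archs) and "arm64" not in archs


def sample_pe(machine: int) -> bytes:
    """Constructed minimal PE header: DOS stub, e_lfanew=0x40, PE signature, Machine."""
    return (b"MZ" + b"\0" * 0x3A + struct.pack("<I", 0x40)
            + b"PE\0\0" + struct.pack("<H", machine))


def sample_fat(*cputypes: int) -> bytes:
    """Constructed universal Mach-O header with one fat_arch entry per cputype."""
    entries = b"".join(struct.pack(">5I", c, 0, 0, 0, 0) for c in cputypes)
    return b"\xca\xfe\xba\xbe" + struct.pack(">I", len(cputypes)) + entries


if __name__ == "__main__":
    for name, blob in [("x64 exe", sample_pe(0x8664)), ("arm64 exe", sample_pe(0xAA64)),
                       ("universal", sample_fat(0x01000007, 0x0100000C))]:
        print(name, sorted(binary_archs(blob)), "emulated:", needs_emulation(blob))
```
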