Symantec Endpoint Protection Arm64 Hot 〈Top · WALKTHROUGH〉

As ARM64-based Windows devices (e.g., Microsoft Surface Pro X, Lenovo ThinkPad X13s, newer Snapdragon X Elite laptops) enter enterprise environments, legacy x86 security agents face performance and compatibility challenges. Symantec Endpoint Protection (SEP) originally ran under emulation (CHPE or x64 emulation) on these devices, causing high CPU usage, scan delays, and potential instability.

Broadcom’s roadmap (leaked Q4 2025) suggests three scenarios:

The "Hot" takeaway: If you are an all-Windows shop on Qualcomm Snapdragon, you are safe. If you manage Apple Silicon Macs, stop searching for "Symantec Endpoint Protection arm64 hot" and start planning your migration.


Rosetta translates x64 instructions to ARM64 on the fly. SEP’s real-time scanner (ccSvcHst.exe on Windows, SymantecDaemon on macOS) creates thousands of translation lookups per second. Each translation generates heat. The fix? Replace SEP on macOS with a native ARM64 competitor (e.g., Microsoft Defender for Endpoint or SentinelOne).

Fix: The ARM64 hotfix resets NDIS filter drivers. Reapply your network policy via SEPM and reboot twice. This restores the Symantec Network Security driver (SYMNDIS.sys) for ARM64.


If you are an IT administrator looking to deploy to ARM devices:

If you are managing these devices:

As enterprise computing shifts toward power-efficient architectures, Symantec Endpoint Protection (SEP) has evolved to provide native support for ARM64 platforms. This support is crucial for modern high-performance, low-power devices like the Microsoft Surface Pro 9 (5G) and macOS systems powered by Apple Silicon.

Current Support Status for ARM64

Since the release of Symantec Endpoint Protection 14.3 RU7, Broadcom has integrated native ARM64 capabilities into its endpoint security stack. This allows organizations to secure their fleet of ARM-based laptops and servers with the same level of trust as traditional x86 environments.

Supported Platforms: Windows 11 ARM64 (GA builds 21H2, 22H2) and recent macOS versions (macOS 11.4 and newer).

Latest Stable Version: The current mainstream version for robust support is 14.3 RU9 (Build 11216), released in June 2024, with subsequent maintenance patches extending through late 2025.

Management Requirements: ARM64 endpoints must be managed via the Symantec Endpoint Security (SES) cloud console or as unmanaged (self-managed) clients. Currently, the on-premises Symantec Endpoint Protection Manager (SEPM) does not support managing ARM64 devices.

Core Features for ARM64 Endpoints

The ARM64 agent delivers most core security features natively to ensure there is no performance penalty for emulation:

Virus & Spyware Protection: Comprehensive file-based scanning and real-time detection.

Network Threat Protection: Active Intrusion Prevention System (IPS) and Firewall capabilities.

Behavioral Analysis: Basic behavioral monitoring to catch zero-day threats before they execute.

Endpoint Detection and Response (EDR): Enhanced integration with Symantec EDR 4.10 for advanced threat hunting on ARM devices.

Key Exclusions and Known Issues

While the majority of the SEP suite is functional on ARM64, certain legacy or specialized features are currently unsupported:

Custom Application Behavior and Application Control.

Threat Defense for Active Directory (AD).

Exploit Protection and Web/Cloud Access Protection.

Legacy Browser Protection: Specifically for older versions of Internet Explorer and Firefox.

Why "ARM64 Hot" is Trending

The term "hot" in this context refers to the rapid adoption of ARM-based cloud instances (like AWS Graviton) and next-gen mobile workstations. Admins are prioritizing these builds because:

Performance Efficiency: Native ARM64 agents avoid the overhead of x64 emulation, preserving battery life and CPU cycles on mobile devices.

Zero-Day Readiness: With the increase in mobile-targeted malware, Broadcom's Mobile Threat Defense (MTD) features provide proactive protection against OS-level vulnerabilities.

Cloud-Native Management: The push toward SES Cloud Management aligns with the broader industry move away from legacy on-premises infrastructure.

Symantec Endpoint Protection (SEP) and its successor, Symantec Endpoint Security (SES) Complete, currently offer specific support for ARM64 devices (like Microsoft Surface Pro 9 or X), but with management limitations compared to standard x64 systems.

ARM64 Support & Management

While Symantec supports ARM64 architecture, how you manage these devices is restricted by the platform:

Management Requirement: ARM64 devices are not supported by the on-premises Symantec Endpoint Protection Manager (SEPM).

Supported Management: You must use the cloud-based Integrated Cyber Defense Manager (ICDm) or deploy them as unmanaged (self-managed) clients.

Operating System: Supported on Windows 11 GA builds (21H2, 22H2).

Feature Limitations on ARM64

Most standard security features are available, but several advanced "hot" protection layers are not supported on ARM64 as of early 2026:

Application Control and Custom Application Behavior.

Threat Defense for Active Directory.

Web and Cloud Access Protection.

Legacy Browser Protection (specifically for older Firefox or Internet Explorer-based IPS policies).

Exploit Protection.

Symantec Endpoint Security (SES) Complete

For organizations moving toward modern hardware, Broadcom recommends SES Complete, which focuses on "hot" or high-priority security needs like Adaptive Protection and EDR integration.

Adaptive Protection: Automates security configurations to block suspicious application behaviors dynamically.

Single Agent Architecture: Combines traditional antivirus with EDR, behavioral isolation, and mobile security into one package.

Mobile Support: Offers native protection for Android and iOS, critical for ARM-heavy mobile fleets.

Summary of Known Issues

Recent release notes highlight specific behavior on ARM platforms:

Remote Connectivity: VNC or screen sharing may be lost on ARM-based macOS (11.4/12) if Vulnerability Protections are toggled.

Policy Conflicts: The cloud console enforces strict case-sensitivity for group names, which can cause import failures if transitioning from an older SEPM environment.

Symantec Endpoint Protection (SEP) and Symantec Endpoint Security (SES) have expanded support for ARM64 architecture across Windows, macOS, and Linux. A critical requirement for ARM64 deployment is that clients must be unmanaged or cloud-managed via the Symantec Endpoint Security (SES) console; on-premises Symantec Endpoint Protection Manager (SEPM) does not currently support managing ARM64 endpoints.

Platform Support Overview

Platform | Support Status | Requirements / Versions
Windows | Native Support | SEP 14.3 RU7 or newer; requires Windows 11 GA builds.
macOS | Native Support | Supports Apple M1, M2, M3, and M4 chips from build 14.3 RU1 and newer.
Linux | Partial Support | Support for RHEL 8/9 and Amazon Linux 2023 ARM64 added in recent updates (Q1 2026 for some distros).

Key Deployment Details