Skip to main content

Symantec Endpoint Protection Arm64 Work

1. The State of Support (SEP vs. SES)

To understand ARM64 support, you must distinguish between the legacy product and the modern product:

  • Symantec Endpoint Protection (SEP) 14.3: This is the traditional, on-premises focused agent. While 14.3 introduced improved support for "Windows on ARM," it was historically limited. It often relied on emulation (x86/x64 emulation) to run the management interface and some drivers, which resulted in performance overhead.
  • Symantec Endpoint Security (SES) 14.3 R2+ / SES Enterprise: This is the modern, cloud-managed (or modern on-prem management) solution. Broadcom has focused all new architecture development here. Native ARM64 support is fully realized in the SES client.

Issue 3: Patch Management Conflicts

  • Symptom: Windows Update fails to install ARM64 cumulative updates while SEP is running.
  • Cause: SEP’s file system filter locks system files during emulation.
  • Fix: Pause protection manually before large Windows feature updates, or use SEPM to push a "Patch Mode" policy.

4. Required Workarounds for Production Use

If you must deploy SEP on ARM64 (e.g., for compliance), apply these measures: symantec endpoint protection arm64 work

Issue 2: High Memory Usage (ccSvcHst.exe)

  • Symptom: 400MB+ RAM usage on an 8GB ARM64 laptop.
  • Cause: The emulation layer keeps translated code in memory. X86 services are not paged efficiently.
  • Fix: Increase page file to 16GB. Or schedule daily restarts of the Symantec Management Service via a script.

How to Deploy Symantec Endpoint Protection on ARM64 (Step-by-Step)

Assuming you have a Windows 11 ARM64 laptop (e.g., Lenovo ThinkPad X13s) and need to install SEP, follow this validated workflow: Symantec Endpoint Protection (SEP) 14