Symantec Endpoint Protection on ARM64: Making It Work in a Non-x86 World

For decades, the cybersecurity industry has been dominated by the x86 and x64 architectures. Most endpoint protection platforms (EPPs), including Symantec Endpoint Protection (SEP), were engineered to run on Intel and AMD processors. However, the computing landscape is shifting dramatically. With the rise of energy-efficient, high-performance ARM64 (also known as AArch64) processors—championed by Apple’s M-series chips, Qualcomm’s Snapdragon X Elite, Amazon’s Graviton, and various IoT devices—security teams now face a critical question: How well does Symantec Endpoint Protection work on ARM64?

The short answer is that Broadcom (the current owner of Symantec) has made significant strides, but "making it work" still requires careful planning, the right version, and an understanding of where native support ends and emulation begins.

This article provides a comprehensive guide to deploying, managing, and troubleshooting Symantec Endpoint Protection in an ARM64 environment.

How to Deploy Symantec Endpoint Protection on ARM64 (Step-by-Step)

Assuming you have a Windows 11 ARM64 laptop (e.g., Lenovo ThinkPad X13s) and need to install SEP, follow this validated workflow:

3. Symantec on Windows on ARM

While Apple Silicon is the primary focus, Windows on ARM (WoA) devices (like Surface Pro X or Snapdragon-powered laptops) are growing in usage.

The Good News: It Does Work (via Emulation)

For most enterprise use cases, the current x64 version of Symantec Endpoint Protection installs and operates successfully on Windows 11 Arm64 systems.

In controlled testing on a Snapdragon 8cx Gen 3 device:

Installation: The standard SEP MSI package installs without modification. The Windows Prism emulation layer kicks in automatically.
Signature Updates: LiveUpdate functions correctly, pulling definition files from Broadcom’s cloud infrastructure.
Real-time Protection: The on-access scanner, SONAR (behavioral detection), and network intrusion prevention (IPS) activate and block test threats (e.g., EICAR files).
Management: The SEPM (Symantec Endpoint Protection Manager) console continues to see the Arm device as a standard Windows endpoint. Policy pushes and reporting work as expected.

The Verdict: For standard malware defense, SEP on Arm64 in emulation mode is currently production-viable for most general-purpose business users.

5. Deployment Strategy for IT Administrators

Deploying SEP to ARM64 fleets requires a modern management approach (Mobile Device Management or MDM).

Upgrade via SEPM: Ensure your Symantec Endpoint Protection Manager (SEPM) is updated. Older managers may try to push x86-only agents to ARM devices, causing installation failures. Broadcom releases updated "All Supported Languages" packages that include the Universal Binaries.
MDM Profiles (For macOS): You cannot silently install SEP on Apple Silicon without an MDM (like Jamf or Intune).
- You must push a Privacy Preferences Policy Control (PPPC) payload. This pre-approves the System Extension and Full Disk Access, preventing user prompts and ensuring the agent starts working immediately upon installation.
Content Updates: Virus definitions (MicroDefs) are architecture-agnostic. Once the binary is installed, the definition updates work identically on ARM64 and x86.

“Driver not loaded” errors

This is rare, but check if Secure Boot is enabled. SEP emulated drivers work best with Secure Boot ON.

Symantec Endpoint Protection on ARM64: Making It Work in a Non-x86 World

This article provides a comprehensive guide to deploying, managing, and troubleshooting Symantec Endpoint Protection in an ARM64 environment. symantec endpoint protection arm64 work

The Good News: It Does Work (via Emulation)

For most enterprise use cases, the current x64 version of Symantec Endpoint Protection installs and operates successfully on Windows 11 Arm64 systems.

Installation: The standard SEP MSI package installs without modification. The Windows Prism emulation layer kicks in automatically.

Signature Updates: LiveUpdate functions correctly, pulling definition files from Broadcom’s cloud infrastructure.

Real-time Protection: The on-access scanner, SONAR (behavioral detection), and network intrusion prevention (IPS) activate and block test threats (e.g., EICAR files).

Management: The SEPM (Symantec Endpoint Protection Manager) console continues to see the Arm device as a standard Windows endpoint. Policy pushes and reporting work as expected.

The Verdict: For standard malware defense, SEP on Arm64 in emulation mode is currently production-viable for most general-purpose business users.

5. Deployment Strategy for IT Administrators

Deploying SEP to ARM64 fleets requires a modern management approach (Mobile Device Management or MDM).

Upgrade via SEPM: Ensure your Symantec Endpoint Protection Manager (SEPM) is updated. Older managers may try to push x86-only agents to ARM devices, causing installation failures. Broadcom releases updated "All Supported Languages" packages that include the Universal Binaries.

MDM Profiles (For macOS): You cannot silently install SEP on Apple Silicon without an MDM (like Jamf or Intune).

You must push a Privacy Preferences Policy Control (PPPC) payload. This pre-approves the System Extension and Full Disk Access, preventing user prompts and ensuring the agent starts working immediately upon installation.

Content Updates: Virus definitions (MicroDefs) are architecture-agnostic. Once the binary is installed, the definition updates work identically on ARM64 and x86.

“Driver not loaded” errors

This is rare, but check if Secure Boot is enabled. SEP emulated drivers work best with Secure Boot ON.

Symantec Endpoint Protection on ARM64: Making It Work in a Non-x86 World

How to Deploy Symantec Endpoint Protection on ARM64 (Step-by-Step)

3. Symantec on Windows on ARM

The Good News: It Does Work (via Emulation)

5. Deployment Strategy for IT Administrators

“Driver not loaded” errors

Trending Tags