Broadcom strongly recommends running the of Symantec Endpoint Protection, which is currently part of the 14.3.x or 14.4 release trains. For hybrid management (on-premises SEPM with cloud control), a minimum of 14.3 MP1 (14.3.1169.0010) is required.
Enhanced lookups using real-time telemetry from Symantec’s global intelligence network accelerated file reputation checks during outbreaks.
Symantec Endpoint Protection Manager (SEPM) version 14.0.2415—also known as —is a centralized management console used to deploy, manage, and monitor security policies across an organization’s network. Key Features and Capabilities
[ Symantec LiveUpdate Servers ] │ ▼ [ Symantec Endpoint Protection Manager ] (Console, IIS/Apache, Tomcat) │ ┌────────────┴────────────┐ ▼ ▼ [ Microsoft SQL Server ] [ SEP Clients ] (or Embedded DB) (Windows, Mac, Linux) Core Architecture Components Symantec Endpoint Protection Manager 14.0.2415
Run the installation media ( Setup.exe ) on the primary server. The upgrade wizard will automatically detect the existing version and migrate policies, clients, and historical data.
Blocks known network exploits, drive-by downloads, and command-and-control (C2) communications before they reach the OS network stack. Application and Device Control
Skipping directly from 14.0.2415 to 14.3 will break policies due to schema changes in the policy XML structure. Always run the "Migration and Upgrade Readiness Tool" available from Broadcom’s portal. Symantec Endpoint Protection Manager (SEPM) version 14
| Current Version | Target Version | Required Steps | |----------------|----------------|--------------------------------------------------------------------------------| | 14.0.2415 | 14.2 (any) | Upgrade first to 14.2 MP1, then to 14.3. Requires a full backup of the DB. | | 14.0.2415 | 14.3 RU1+ | – must migrate to a new OS (Server 2019/22).|
Symantec Insight leverages a global reputation database to determine the safety file ratings based on age, frequency, and source. The 14.0.2415 manager optimizes reputation queries, reducing the overhead on local network proxy gateways. Rest API Extensions
To begin protecting your network, you must deploy the client software to endpoints. enforces compliance policies
Supports either an embedded database (Sybase SQL Anywhere) for smaller deployments or Microsoft SQL Server for enterprise-scale environments.
A signatureless technology that analyzes file attributes to block new and evolving threats before execution.
If you are reading this in 2025 or later, you should strongly consider upgrading. Broadcom has released SEP 14.3 RU9 and even SEP 15 (cloud-native). Here is the safe upgrade matrix:
This version implements cloud-based definition delivery. This optimization reduces the size of signature definition files by up to 70% compared to version 12.1, preventing network congestion during scheduled update rollouts. 4. Generic Exploit Mitigation (GEM)
The management server communicates with endpoints via a proprietary agent-server protocol. It distributes definition updates, enforces compliance policies, and collects security event logs. This minimizes the bandwidth footprint on corporate networks through structured content distribution. Database Integration