Apple Silicon (M1/M2/M3) is supported starting from 14.3 RU3 .

: While most core protections work, certain advanced features like Custom Application Behavior , Threat Defense for AD , and Exploit Protection are currently unsupported on Windows ARM architecture. Apple Silicon (macOS ARM64)

(x86 version) from your management console or Broadcom portal.

Ensure Windows 11 (ARM version) is used, as it provides better emulation for legacy tools and better native support for new security drivers.

Ensure you are using the latest RU (Release Update) version, as Broadcom frequently updates its agent compatibility.

The keyword “Symantec Endpoint Protection arm64 work” is not just about getting a green checkmark in the SEPM console. It’s about ensuring security without crippling performance.

While the core anti-malware, machine learning, and heuristic engines work natively on ARM64, several legacy kernel-level and system-hooking components are excluded due to structural differences between x64 and ARM64 instruction sets. Fully Operational Core Features Native Advanced Machine Learning (AML) Intelligent Cloud Analytics Threat Detection File System Real-Time Auto-Protect Network Intrusion Prevention System (IPS) core features Behavioral Analysis (SONAR) Major Exclusions and Unsupported Policies

If you are currently managing a mixed environment (ARM and x86), I can provide:

For traditional on-premise Symantec Endpoint Protection 14.4 and older versions, the support situation is different:

If your enterprise is standardizing on Windows on ARM, you have a decision to make: accept the performance tax of running SEP under emulation, or migrate to a security stack that has already invested in native ARM64 development (e.g., Microsoft Defender, CrowdStrike, or SentinelOne).

Even with proper setup, “making it work” often involves troubleshooting. Here are the top issues admins face.