When deploying SEP to an Apple Silicon device (M1/M2/M3), you are installing a Universal Binary.
Historically, SEP relied heavily on Kernel Extensions (Kexts). These are pieces of code that load directly into the operating system kernel. This gave SEP "God mode"—it could intercept any file operation, network packet, or process execution with zero latency. symantec endpoint protection arm64 work
Many users assume SEP won’t run on ARM64 devices. That’s not entirely true – but there are important caveats. When deploying SEP to an Apple Silicon device
[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\AV]
"DisableDriverLoadCheck"=dword:00000001
"ForceEmulationMode"=dword:00000001
Because of the ARM64 security model, simply installing the software is not enough. The user (or MDM administrator) must approve the System Extension loading. Because of the ARM64 security model, simply installing
The transition to ARM64 architecture—driven primarily by Apple’s Silicon (M1/M2/M3 series) and the emerging market of Windows on ARM devices—posed a significant challenge for legacy security vendors. Symantec Endpoint Protection (SEP), now under Broadcom, has had to evolve from a purely x86-reliant architecture to a hybrid model to support these platforms.
Here is a detailed breakdown of how SEP works on ARM64.