While Broadcom has not explicitly detailed which components are fully native versus those running under emulation, the fact that a dedicated WinArm64 installer exists suggests that core security engines have been ported. However, users should be mindful that some older or less critical components may run under Windows’ x86 emulation layer, which could impact performance.
If your organization values battery life and native performance above all else, you may need to pressure Broadcom for a roadmap. If you simply need consistent protection on a new fleet of Arm laptops, deploy the current x64 build, accept the minor performance tax, and wait for the native Arm64 client that is likely coming in late 2025 or 2026.
Active scanning, heuristic detection, and IPS (Intrusion Prevention System) are fully supported on ARM64. symantec endpoint protection arm64 work
If you must deploy SEP on ARM64 (e.g., for compliance), apply these measures:
Most standard protection features are functional on ARM64, but several legacy and advanced policies are currently unsupported: Unsupported Features (ARM64) Core Anti-malware & Scans Custom Application Behavior Network Threat Protection Threat Defense for Active Directory Device Control Application Control Exploit Protection LiveUpdate (Native Updates) Legacy Browser Protection (IE/Firefox) Implementation Considerations While Broadcom has not explicitly detailed which components
to complete. Performance is fine for real-time scanning, definitions updates, and policy enforcement.
The downloaded package includes all the features present in the default Windows Workstation installation package. If you simply need consistent protection on a
Even with supported versions, you may encounter issues. Here are the most common ones and their solutions.
When choosing the architecture, explicitly select .
Ensure Windows 11 (ARM version) is used, as it provides better emulation for legacy tools and better native support for new security drivers.