Administrators can view quarantined items across all endpoints from the SEP Management Console (SEPM) and restore or submit samples to Symantec for analysis.
SEP 14 maintains a robust two-way firewall and a network-based IPS. This layer inspects network traffic before it reaches the operating system, blocking attack traffic associated with known vulnerabilities and preventing command-and-control (C2) communication from compromised machines.
The Symantec Endpoint Protection Manager (SEPM) console is the brain of your operation. If it runs slowly, your team runs slowly.
Maintenance Tips:
Traditional AV checks a hash against a blacklist. SEP 14 uses a pre-execution ML model (Emulation-based Generic Exploit Blocking) that inspects a file’s code structure before it runs. If it looks like ransomware or a worm, it is killed instantly—even without a signature.
Organizations stuck on SEP 12.1 often delay upgrades due to "legacy stability." However, SEP 14 forced an upgrade for three critical reasons:
Broadcom is actively pushing customers to Symantec Endpoint Security (SES) Complete (the cloud-native version). SES uses the same underlying engine but removes the SEPM console entirely.
Should you stay on SEP 14 on-prem or move to cloud?
Broadcom has committed to supporting the SEP 14 client until at least 2027, but new features (EDR 3.0, advanced hunting) are appearing only in the cloud console.
In AV-Comparatives and SE Labs tests from 2017–2022, SEP 14 consistently scored:
Every AV solution has false positives. How you handle them defines your security posture.
The Protocol: