Symantec Endpoint Protection (SEP) 14.3 (build 14.3.558.0000), released in May 2020, marked a significant architectural shift by introducing scan process separation. This change moved the antivirus scan process into its own service, independent of the main non-security service, to ensure continual protection even if the main service encounters issues.
Key Security & Performance Features
AMSI Integration: This build introduced support for the Windows Antimalware Scan Interface (AMSI). It allows third-party application developers to route user-provided scripts (like PowerShell, JavaScript, or VBScript) to the SEP client for a maliciousness verdict before execution.
Operational Efficiency: The scan process separation resulted in more efficient memory usage and improved system stability.
Extended OS Support: Added support for Windows 10 version 2004 (20H1). Expanded compatibility to include Ubuntu 18.04, RHEL 8, and CentOS 8.
Security Management: Includes support for Microsoft SQL Server 2019 databases and updated third-party components like Apache Tomcat and OpenSSL for better backend security.
System Requirements
To run SEP 14.3, your hardware should meet these Broadcom TechDocs standards:
RAM: Minimum 512 MB (4 GB recommended).
Processor: Intel Pentium 4 (2 GHz) or equivalent with at least 2 cores.
Disk Space: Approximately 150 MB is required on the system drive for installation, plus additional space for content updates and logs.
Known Compatibility Issues
Users have reported specific application control conflicts, notably with certain versions of FortiClient VPN, which may require policy adjustments to resolve.
Symantec Endpoint Protection 14.3 Build 558: A Comprehensive Guide
Symantec Endpoint Protection (SEP) 14.3 Build 558 (14.3.558.0000), released on May 5, 2020, marked a major evolution in Broadcom's security suite. This version introduced fundamental changes to the software's architecture, including a shift toward more efficient memory usage and the integration of advanced cloud-based protection features.
Key Features and Enhancements
Build 558 introduced several architectural and functional improvements designed to streamline performance and bolster defense:
Antimalware Scan Interface (AMSI) Support: This build allows third-party applications to call the Windows AMSI interface to request scans for dynamic script-based malware (e.g., PowerShell, JavaScript, VBScript).
Separated Scan Process: The antivirus scan now operates as a separate service from the main non-security service, ensuring more efficient memory usage and continuous protection even if the main service encounters issues.
Database and Platform Support: Added support for Microsoft SQL Server 2019. The remote console was upgraded to support Java 11.
Enhanced Cloud Connectivity: Broadcom streamlined the process for enrolling Symantec Endpoint Protection Manager (SEPM) domains into the cloud console for hybrid management.
System Requirements
To ensure optimal performance of SEP 14.3 Build 558, systems should meet the following minimum specifications:
Processor: minimum 2 GHz Intel Pentium 4 (2 cores); recommended 4 cores or greater.
RAM: minimum 512 MB (Client) / 2 GB (SEPM); recommended 4 GB (Client) / 8 GB (SEPM).
Storage: minimum 16 GB for SEPM; recommended 100 GB+ for SEPM.
OS Support: minimum Windows 10, Windows Server 2019+; recommended latest patched versions.
Implementation and Management
Managing Build 558 involves using the Symantec Endpoint Protection Manager (SEPM) to deploy and update clients.
Installation: New installations typically use the Setup.exe found in the installation package.
Client Deployment: Administrators can use the Client Deployment Wizard to create and distribute installation packages.
Patches: Version 14.3.558.0000 was the initial full release for the 14.3 branch. Subsequent updates, such as SEP 14.3 RU1, expanded these capabilities with features like behavioral protection for macOS.
Security Best Practices
To maximize the protection provided by Build 558, it is recommended to:
Symantec Endpoint Protection (SEP) version 14.3 build 558 (14.3.558.0000), released in May 2020, introduced critical architecture changes and security enhancements designed to improve performance and simplify hybrid management.
Core Architecture & Performance
Separated Scan Process: The antivirus scan now runs as a separate service from the main non-security service. This change ensures more efficient memory usage and provides "continual protection," meaning security scans remain active even if the main management service encounters issues.
SQL Server 2019 Support: The Symantec Endpoint Protection Manager (SEPM) now supports Microsoft SQL Server 2019 for its database backend.
Enhanced Protection Features
AMSI Integration: Includes support for the Windows Antimalware Scan Interface (AMSI), allowing third-party applications to request scans for dynamic script-based malware (e.g., PowerShell, JavaScript, VBScript) before they execute.
WSS Traffic Redirection: The Integrations policy now allows for a Custom PAC file to replace the default one hosted by the LPS server. This is designed to solve compatibility issues with third-party apps that cannot work with local proxy servers on loopback adapters.
Management & Connectivity
Cloud Console Enrollment: To connect a SEPM domain to the cloud console, administrators must now obtain an enrollment token through the Symantec Endpoint Security console.
External Logging Failover: Administrators can now configure a master logging server for syslog forwarding; if it goes offline, a secondary server automatically takes over to prevent log gaps.
Expanded API fields: The REST API response for computer status now includes additional fields such as quarantineStatus, quarantineCode, and wssStatus.
Third-Party Component Updates
To maintain security integrity, build 558 upgraded several underlying components, including:
Apache Tomcat and Java.
OpenSSL and OpenSC.
Boost C++ Libraries, cURL, and SQLite.
If you are currently on SEP 14.2 or 14.3 RTM (5320), follow this upgrade matrix.
If you are currently on an older version (e.g., 14.2 or 14.3 RTM):
Symantec Endpoint Protection (SEP) version 14.3.558.0000 was the initial release of the 14.3 branch, launched on May 5, 2020. It introduced significant architectural changes, specifically a shift toward cloud-based management and enhanced traffic redirection.
Key Features and Enhancements
IPv6 Support: Added full support for IPv6 communication between Windows, Mac, and Linux clients and the Symantec Endpoint Protection Manager (SEPM).
WSS Traffic Redirection: Introduced enhanced client authentication for Windows and Mac, directing web traffic to the Symantec Web Security Service (WSS) via Proxy Auto Configuration (PAC) files.
Optimized Scanning: Improved threat processing speeds for heavily infected systems during manual and Auto-Protect scans.
Mac Firewall: Integrated a managed firewall for Mac clients, allowing administrators to use the same SEPM firewall policies for both Windows and Mac environments.
Known Issues and Technical Notes
Regsvr32.exe Conflict: Users reported a critical bug where this build caused regsvr32.exe to hang, preventing DLL registration and breaking software installers like Firefox.
Upgrade Requirements: To properly update 14.3.558 clients, the SEPM itself must be running at least version 14.3.558 to provide the necessary content updates.
Security Feature Errors: Some users encountered "disabled" status errors for features like Early Launch Antimalware and Memory Exploit Mitigation after upgrading from this build to later versions like 14.3 RU1 MP1.
System Requirements
Disk Space: Requires approximately 150 MB on the installation drive, with an additional 135 MB needed specifically during the installation process.
Incompatibility: This version does not support Itanium processors.
For detailed installation steps or current support status, you can refer to the official Broadcom Support Portal or Symantec Tech Docs.
The standout feature of Symantec Endpoint Protection (SEP) 14.3 Build 558 (the initial 14.3 release) is the Antimalware Scan Interface (AMSI) integration, which allows the software to block dynamic script-based malware from third-party applications like PowerShell, JavaScript, and VBScript.
Key Features of Build 14.3.558
Enhanced Script Protection: Uses Windows AMSI to scan user-provided scripts in real-time, blocking malicious behavior before execution.
Scan Process Separation: The antivirus scan now runs as a separate service from the main non-security service, improving memory efficiency and stability.
Microsoft Edge Support: Added browser intrusion prevention support for Edge, applying IPS signatures to inbound and outbound traffic.
Simplified Exceptions: You no longer need to manually exclude "known risks"; the policy focus shifts to SONAR behavioral-based exclusions.
SQL Server 2019: First version to introduce official support for Microsoft SQL Server 2019 databases.
Important Release Notes
Release Date: May 5, 2020.
Management Requirement: To update clients to this build, the Symantec Endpoint Protection Manager (SEPM) must also be upgraded to version 14.3.
Deployment: Includes a client-only patch for easier upgrading of existing endpoints.
Comparison with Newer Versions
While 14.3.558 was a major step, Broadcom TechDocs shows that later "Refresh Updates" (RU) added critical capabilities:
14.3 RU1: Enhanced parsing for Excel-based threats.
14.3 RU3: Support for Windows 11 and Windows Server 2022.
14.3 RU8: Introduction of Adaptive Protection and enhanced EDR.
💡 Key Takeaway: Build 558 is best known for fixing the performance "overhead" of previous versions by decoupling the scan process from the management agent.
No software is bug-free. Administrators in user groups have reported:
KillerNetworkService.exe.
Symantec Endpoint Protection 14.3 Build 558 is a solid maintenance release. It won’t reinvent your security posture, but it will reduce noise, improve stability, and keep legacy systems compliant. For IT teams stuck with SEP due to budget or regulation, this is a safe, low-risk upgrade.