Does Symantec support managing Symantec Endpoint Protection (SEP) clients of a higher version than the Symantec Endpoint Protection Manager (SEPM) they're managed by?

• SEP 14.x

Best Practice Calls for the Latest Version

Per best practice, all SEPMs and SEP clients in an organization should be upgraded to the latest available software release as soon as it becomes available. This ensures that management components and endpoints can take advantage of the most recent enhancements and improvements, addresses potential vulnerabilities and fixes noted defects. For specific information on upgrading to the latest release, please see Upgrading and Migrating to the Latest Release of Symantec Endpoint Protection (SEP).

SEP Infrastructure Functionality with Different Releases

However, maintaining a consistent release version across all SEPMs in an organization is not a requirement for support. It is supported to have newer SEPMs managing older SEP clients. Managing newer SEP clients with an older SEPM release, however, is not. (For 14.3 RU5 and newer, see: SEP client builds and SEPM compatibility.)

In the event that an older client is managed by a newer SEPM, the client will only adhere to policy features that the client has. In the event that an older SEPM is managing a newer client, new client features will not be configurable from the SEPM, the client will not be able to take advantage of newer features or policy options and the SEPM may be unable to deliver definition content to the clients. Client-server communication will work to report client status, however version inconsistency between SEPM and Client may result in some features being partially functional or completely unavailable. Best practice is to upgrade the SEPM first, and then upgrade clients to the same version as soon as possible.

Note: There are instances where the latest release is necessary on both SEPM and SEP client to completely correct a known issue or for the SEPM to provide policy or content information to the clients. Symantec Technical Support can provide details and will recommend upgrading both the SEPMs and SEP clients in these instances.

Maintain a Consistent Version Level on all SEPMs

If there are multiple SEPMs in an organization, a consistent version of the software should be maintained on them all. Replication failures and other complications will arise if separate sites are operating with different releases of the database schema, and this is considered unsupported.

SEP 14.3 clients cannot be managed by 14.2 or older SEPMs

As above, SEP 14.3 client use a newer definition format and and cannot get content updates from SEPM versions 14.2.x or older.

While possible for most versions, clients may not communicate properly.