Does Symantec support managing Symantec Endpoint Protection (SEP) clients of a higher version than the Symantec Endpoint Protection Manager (SEPM) they're managed by?
Per best practice, all SEPMs and SEP clients in an organization should be upgraded to the latest available software release as soon as it becomes available. This ensures that management components and endpoints can take advantage of the most recent enhancements and improvements, addresses potential vulnerabilities and fixes noted defects. For specific information on upgrading to the latest release, please see Upgrading and Migrating to the Latest Release of Symantec Endpoint Protection (SEP).
However, maintaining a consistent release version across all SEPMs in an organization is not a requirement for support. It is supported to have newer SEPMs managing older SEP clients. Managing newer SEP clients with an older SEPM release, however, is not. (For 14.3 RU5 and newer, see: SEP client builds and SEPM compatibility.)
In the event that an older client is managed by a newer SEPM, the client will only adhere to policy features that the client has. In the event that an older SEPM is managing a newer client, new client features will not be configurable from the SEPM, the client will not be able to take advantage of newer features or policy options and the SEPM may be unable to deliver definition content to the clients. Client-server communication will work to report client status, however version inconsistency between SEPM and Client may result in some features being partially functional or completely unavailable. Best practice is to upgrade the SEPM first, and then upgrade clients to the same version as soon as possible.
Note: There are instances where the latest release is necessary on both SEPM and SEP client to completely correct a known issue or for the SEPM to provide policy or content information to the clients. Symantec Technical Support can provide details and will recommend upgrading both the SEPMs and SEP clients in these instances.
If there are multiple SEPMs in an organization, a consistent version of the software should be maintained on them all. Replication failures and other complications will arise if separate sites are operating with different releases of the database schema, and this is considered unsupported.
As above, SEP 14.3 client use a newer definition format and and cannot get content updates from SEPM versions 14.2.x or older.
While possible for most versions, clients may not communicate properly.