Maintenance Entitlement Overview for Symantec Endpoint Encryption (on-premises)


Article ID: 178880


Updated On:


Endpoint Encryption




This article describes the entitlements associated with Maintenance for Symantec Endpoint Encryption (on-premises) and the resources available when you renew your Maintenance.


Deployment Methods

Symantec Endpoint Encryption is designed for on-premises deployment.

On-premises software (often abbreviated as on-prem software, and also called “on-premise” software) describes a software delivery model where the software product is installed and operated on the computer infrastructure that is entirely located at the premises of the organization using the software.

Licensing and renewal basics

Symantec’s encryption portfolio provides flexible data protection through a range of offerings including endpoint, file and folder, and email encryption:

  • Symantec Endpoint Encryption: Protection for data stored on hard drives in laptops, desktops, servers, as well as data stored on removable media from loss or theft.
  • Email Encryption: Protection for email throughout a message’s journey, both at rest and in transit.
  • File and Folder Encryption: Protection for batch transfers, collaboration and file sharing within an organization and via the cloud.

Symantec Endpoint Encryption is licensed per Device. Other Symantec encryption products are licensed as follows:

  • Email Encryption – per User
  • File Share Encryption – per User
  • PGP Command Line – per CPU
  • Command Line Management – per Server (Key Management Server)

The information in this KB article relates to the Symantec Endpoint Encryption 11.2 product only.

Symantec encryption software for on-premises deployment can be purchased according to the following license models:


Symantec encryption products that are perpetually licensed are sold as bundles consisting of a perpetual software license for the software product, and a Maintenance entitlement for a finite term (12 months or 36 months). For new customers, this means that Maintenance is included in the initial purchase price.

An encryption bundle consists of:

  • The perpetual software license that entitles you to use the core features and functionality delivered by the purchased version of your encryption product indefinitely, for a specified quantity based on the Use Level that is stated in the End User License Agreement (EULA).
  • Maintenance entitlement (for 12 month or 36 month term) in equal quantity to the perpetual license quantity, providing access to the following benefits:
    • Version Upgrades (major releases) approximately every 6 to 12 months at no extra cost. Major Release incorporates the last Minor Release (if one has occurred) and may include architectural changes, major feature changes, new platform support and new operating systems support. It typically requires a new installation. 
    • Product updates (minor releases) as needed. Minor Release incorporates all previous Maintenance Packs and Fixes since the prior Major Release. It is tied to the preceding Major Release and may contain new features, new platform support, new operating system support, and the latest maintenance updates. It typically requires a new installation. 
    • Break fixes, patches and enhancements (Maintenance Packs) providing critical security protocol updates, quarterly (typically). Maintenance Pack provides cumulative bug fixes for a particular Major Release or Minor Release of Licensed Software, but contains no new features or functionality. It is generally installed as an overlay - also known as patch. 
    • 24/7/365 Technical Support (Essential Support)
    • Various online support and learning options

Renewal: Your entitlement to access Maintenance benefits expires at the end of the Maintenance term. Prior to the expiry date, Maintenance must be renewed for continued access to benefits that sustain and maximize the original data protection investment, including access to the latest product versions, critical updates and technical support. To remain compliant, the Maintenance quantity being renewed must equal the aggregate software license quantity.


A Symantec encryption on-premises subscription entitles you to use the encryption software product and access Maintenance benefits for a specified quantity based on the Use Level that is stated in the End User License Agreement (EULA), and for a specified term. The subscription term may be 12 or 36 months.  

For the duration of the subscription term, an encryption on-premise subscription provides access to:

  • The software features and functionality delivered by the purchased version of your encryption product
  • Maintenance benefits:
    • Version Upgrades (major releases) approximately every 6 to 12 months at no extra cost. 
    • Product updates (minor release) as needed. 
    • Break fixes, patches and enhancements (Maintenance Packs) providing critical security protocol updates, quarterly (typically).
    • 24/7/365 Technical Support (Essential Support)
    • Various online support and learning options

Renewal: Your entitlement to use the software product and access Maintenance benefits expires after the subscription term. To ensure continued access to the software product and to Maintenance benefits, you must renew your subscription prior to the end of the subscription term.

Compliance Obligations

You are responsible for managing your Symantec encryption software licenses and corresponding Maintenance entitlements on an ongoing basis as follows:

Perpetual: Maintenance for perpetually licensed Symantec encryption products is purchased and renewed on a per license basis. To ensure full and continued access to your Maintenance benefits, the Maintenance quantity must always match the aggregate quantity of your software licenses (original purchased quantity plus any additional software licenses for the same product purchased subsequently).

Subscription: Where Symantec encryption is licensed by subscription, your rights to use the software and access to Maintenance, end on the subscription term end-date.

To avail of Maintenance benefits for software licenses not under Maintenance would be considered a breach of Symantec’s End User License Agreement. You are also reminded that use of a perpetually licensed Symantec encryption product above the specified quantity would be considered over-deployment and a breach of your license grant.

Visit Licensing Information to learn about licensing basics, license compliance and find resources to assist you. For assistance with all your non-technical licensing queries, contact Customer Support.

Value of Maintenance and the importance of renewing

Symantec Endpoint Encryption 11.2 provides disk encryption, removable media encryption and management (via Symantec Endpoint Encryption Management Server) that:

  • Protects your sensitive data at-rest on laptop and desktop hard drives, as well as removable devices (like USBs, portable hard drives, SD cards, and CD/DVD/Blu-ray media) by rendering data inaccessible to unauthorized parties
  • Facilitates compliance with data privacy laws and security regulations
  • Provides visibility and customized reporting capabilities

Data is big business for cyber-criminals and breaches are more prevalent than ever. Over half a billion personal records were stolen or lost in 2015, with 43% of beaches due to theft and loss of laptops and removable media[1]. The impact of a data breach on an organization is huge in terms of brand reputation, compliance, productivity, not to mention overall cost. The average recovery cost from a breach has been estimated at $4 million[2] (not including costs associated with a damaged brand or fines arising from compliance audits).

In a world where data breaches are proliferating, and corresponding data privacy regulations are frequently changing, coupled with constantly evolving technologies, it’s critical that your encryption solution runs optimally at all times. Maintenance provides continuous access to the latest updates that keep your valuable data protected so that you can remain compliant, and are protected from the financial or reputational consequences associated with data-related theft.

Maintenance Benefits

Your Maintenance entitlement provides: critical security protocol updates for continuous data protection that is in line with the latest regulatory requirements; product updates that patch vulnerabilities, and extend platform and OS support; cutting-edge encryption features and functionality with the latest product versions; and Symantec technical support 24/7/365, for the times you need it most.

Designed to safeguard and maximize your encryption investment, current[3] Maintenance entitles you to a wide range of benefits for the duration of your Maintenance term:

Running the latest version of Endpoint Encryption[4] is critical for ongoing protection of your sensitive data. As one of the world’s prominent encryption vendors, Symantec invests hugely in R&D resulting in significant product innovations and architecture enhancements. With current Maintenance you can upgrade to the latest version at no extra cost.

New versions are typically released every 6 to 12 months, providing ongoing supportability and improved features, functionality, performance and control in every release such as:

  • Extended 3rd party support for heterogeneous encryption management of File Vault for Mac OS X and BitLocker for Windows that enables platform-agnostic encryption management.
  • Broader support and management capabilities for Opal v2-compliant self-encrypting drives from a variety of manufacturers including Intel, Kingston, Lenovo, Micron, Samsung, SanDisk and Seagate.
  • New platform support as required across a wide range of Windows and Mac operating systems, and others including VMware vSphere and Citrix XenDesktop.
  • Extended coverage for emerging technologies such as Symantec Endpoint Encryption Management Server support for Amazon Web Services.
  • Support for a continually expanding hardware ecosystem including Microsoft Surface Pro 4 tablets.
  • Clever, new encryption management features:
    • Role-based access control for client administrators (privilege based, granular access based on job duties) and extended admin capabilities for user registration management, drive decryption and lockout management.
    • Advanced end-user authentication management including password synchronization, password aging management for removable media, and both online and offline Windows password recovery with Simple Authentication reducing the need for Help Desk assistance and overall cost of deployment.
  • Ongoing performance, functionality and usability enhancements:
    • Symantec Endpoint Encryption Management Server updates allowing easier distribution of Internet Information Services credentials without the need to create and deploy modified Management Agent packages.
    • More efficient enterprise-scale deployment with Single Server Installer for reduced server set up time.
    • Built PGP Strong: High performing, strong encryption, built with PGP Hybrid Cryptographic Optimizer (HCO) technology that utilizes AES-NI hardware within existing operating systems for even faster speeds.
    • Improved automation with Active Directory and Non-Active Directory synchronization of individual and group policies, and keys.
  • Better policy management: Centralized administration from the Symantec Encryption Management Server’s management console allows administrators to:
    • Configure and Update the Symantec Endpoint Encryption policy options.
    • Issue server-based commands to encrypt or decrypt drives.
    • Run reports.
    • Run the Help Desk Recovery Program.
  • Increasingly sophisticated reporting capabilities from Symantec Endpoint Encryption Management Server with proven compliance-based out-of-the-box reporting, and deep customization options allowing administrators to quickly prove that systems were protected in the case of loss or theft for ongoing compliance and adherence to data privacy and security regulations.
  • Continuous integration for deeper endpoint security:  Blend with Symantec Data Loss Prevention for an even stronger security, user-friendly endpoint security solution with automatic encryption of sensitive data being moved onto removable media devices.
  • Improved migration capability from other Symantec endpoint encryption solutions without requiring uninstallation or any decryption.
  • Greater scalability: Provides the ability to manage and support hundreds of thousands of endpoint machines.
  • Continuous product innovation, optimization and adaptability with regular product updates

Critical software updates, enhancements, bug fixes and patches that address vulnerabilities, and enable your product to work optimally with increased stability, and adapt to technology and operating system changes via regular Maintenance Pack and Minor Releases. The more up-to-date Endpoint Encryption is, the better it will function, evolve and adapt.

Of critical importance are the frequent Maintenance Pack updates that support any new, and changes to existing, industry standards and regulations on data privacy and security that impact your use of encryption such as:

  • PCI (Payment Card Industry) regulations that protect names, card numbers, and other identifiable information
  • DSS (Data Security Standard) rules on what data organizations must encrypt
  • HIPAA (Health Insurance Portability and Accountability Act)
  • HITECH (Health Information Technology for Economic and Clinical Health)
  • GLBA (Graham Leach Bliley Act) rules on how financial institutions deal with the individual’s private information

Technical assistance is fundamental to the successful installation, deployment and day-to-day operation of your encryption product. Symantec’s skilled Technical Support Engineers are available around the clock, every day of the year to help with your technical questions and resolve product issues.

  • Published Service Level Agreements by issue severity.
  • Global reach with 1,200 technical support professionals in 13 centers (English primarily, with commercially reasonable efforts to provide non-English language support during regional business hours, subject to our having available resources) .
  • Continuous support for Severity 1 cases using a follow-the-sun model.
  • Case creation online using MySymantec or by phone.
  • Up to 6 designated contacts.
  • Various self-help options to problem-solve and assist
  • Knowledge Base with technical notes, how-tos, tips and more.
  • Product Documentation with user guides and reference documentation.
  • Symantec Connect forum to engage online with other customers and Symantec technicians.
  • Symantec Blog with latest cybersecurity news, recommendations, opinion and analysis
  • Symantec’s eLibrary with access to over 1500 on-demand, online training modules
  • Cost Savings

Renewing your Maintenance will allow you to realize the long-term cost savings by never having to buy a new version again. Running the latest version lowers total cost of ownership and avoids the higher costs associated with technical difficulties involved with future migrations.

  • Cost Avoidance

Current Maintenance provides you access to the latest updates that keep your sensitive data protected. It helps you mitigate potential revenue loss arising from lost or compromised data, downtime and damaged reputation, and helps you avoid penalties associated with audits and non-compliance with regulatory protocols.

How to renew

On-time renewal of Maintenance is essential to safeguard the value of your Symantec encryption software investment.

You should contact your reseller to arrange your renewal. For more information, consult our Renewals FAQ.

Once renewed you will need to update your software product in order to activate the new Maintenance term. Visit Getting Started for information about how to activate your renewal. Need help? Contact Symantec Customer Care.

Risks associated with not renewing

If you fail to renew Symantec Endpoint Encryption before the Maintenance expiry date, encryption functionality[5] will be severely compromised and you will no longer be able to access the benefits of Maintenance previously outlined.

Critically, you won’t have access to the latest security protocol updates that are necessary to retain compliance with data privacy laws and security regulations. 

Your security posture will be further compromised as you won’t be entitled to access the latest software versions that enable compatibility with updated heterogeneous, 3rd party encryption management systems and O/S, and provide coverage for emerging platforms and technologies. You will also lose out on the benefits of innovative features and product updates designed to enhance encryption functionality and management capabilities for improved productivity and lower total cost of ownership.

Finally, you will be denied access to technical support for help with urgent encryption matters and will no longer be able to log technical support cases online via MySymantec.

To safeguard the ongoing security of your organization’s data; enjoy continued regulatory compliance and associated penalty avoidance; and to avoid security risk and resultant reputational damage, you simply cannot afford to let Maintenance for your Symantec Endpoint Encryption product expire. Not renewing is not an option.


[2] Cost of Data Breach Study: Impact of Business Continuity Management, Ponemon Institute, June 2016

[3] Maintenance is considered “current” when both term (start and end dates of the Maintenance term) and quantity (Maintenance quantity should match software license entitlement quantity of the product being supported) criteria are met. Customers with expired Maintenance lose their entitlements to Maintenance benefits .

[4] What’s New in Endpoint Encryption

[5] Functionality of other products in Symantec’s encryption portfolio are similarly compromised: Email Encryption loses email message encryption capability; File & Folder Encryption data remains encrypted indefinitely; and Drive Encryption data is automatically decrypted.