On devices running embedded Operating Systems that are upgraded to 14.3 RU4, Application Hardening is not installed as expected. This only happens if the Symantec Endpoint Protection (SEP) agent downloads the upgrade package from a LiveUpdate Administrator.
When a SEP agent downloads an installation package from LiveUpdate Administrator that upgrades the agent version, the installed feature set does not change. This is by design. If the existing pre-14.3 RU4 agent feature set did not include Application Hardening, the feature will not be added when the agent upgrades to 14.3 RU4.
Additionally, on embedded Operating Systems the SEP agent installation files are not cached so it is not possible to modify the feature set after install.