The Symantec Endpoint Protection Manager (SEPM) database or the Symantec endpoint security(SES) console dashboard contains multiple Hardware IDs that are duplicates.
This situation arises when deploying multiple Windows computers, whether physical or virtual, by cloning a base hard drive image that has a Symantec Endpoint Protection (SEP) or Symantec endpoint security (SES) client installed.

Microsoft Windows
Release : 14.3Ru6 and Above

Not following best practices to prepare SEP clients for cloning or composing a VDI golden image leads to problems with cloned clients. These problems are caused by duplicate Hardware ID's, which affect management and reporting accuracy.  
For more information regarding the preparation of Endpoint Protection Client for cloning, see How to prepare an Endpoint Protection client for cloning.

Windows Client version 14.3Ru6 and later can automatically correct duplicate Hardware IDs by unenrolling and enrolling again the Symantec agent using the SMC.exe as explained below.

 Repairing clients using SMC.exe (14.3 Ru6 and above)

1- Run "smc -image" which unenrolls the Symantec Agent .  When you have a password set in the System Policy.  The command needs to include -p password "smc -p password -image"

NOTE: The /IMAGE command does not remove enrollment information if the agent includes Secure Connection feature.

2- Run " smc -start" to start the SES/SEP services and generate a new hardware ID.

3-  Once completed , enroll the unmanaged devices.
     After the SEP/SES agent starts with a new hardware ID, it becomes unmanaged and loses connection to Symantec Endpoint Protection Manager (SEPM) or SES console dashboard. As a result, it cannot be administered through the console.

To enroll an unmanaged device see the below:

For Symantec endpoint security : Enrolling unmanaged devices
For Symantec endpoint Protection: Replace Client-server communication  file on the client computer