In testing, policy changes are made to an existing policy and saved.  However, while the changes were applied, a new policy version isn't being generated as expected. 

Symantec Endpoint Security Complete (SESC)
Endpoint Security

Only policies that are applied to an existing group, and that are changed will increment the policy version number. This same behavior can be observed across all policy types.

This observed behavior is working as designed.
Recommendation: To ensure the policy changes are recorded in a new policy iteration, assign the policy to an existing group first, and then make the desired changes.

Guidance for unassigned policies:
When a policy with multiple versions exist (e.g., five versions) and is unassigned from a group, editing an older version (such as version 3) will not modify that specific version. Instead, the changes will automatically apply to the most recent policy iteration (version 5). This behavior is also per design.

Note: In a future release, earlier versions of unassigned policies will become read-only.

Recommendation: If you need to use an earlier version of an unassigned policy, please assign it to an existing group first before editing.
If that isn't feasible, "clone" or "duplicate" the desired version. Once done, this will create a new policy version with its same policy configuration which can be reassigned elsewhere.

CRE-23552
CDM-136351
CRE-23610