What's new for Symantec Endpoint Protection 14.3?

This section describes the new features for the 14.3 release.
Protection Features
  • Third-party application developers can protect their customers from dynamic script-based malware and from non-traditional avenues of cyberattack. The third-party application calls the Windows AMSI interface to request a scan of user-provided script, which is routed to the Symantec Endpoint Protection client. The client responds with a verdict to indicate on whether or not the script behavior is malicious. If the behavior is not malicious, then the script execution proceeds. If the script’s behavior is malicious, the application does not run it. On the client, the Detection Results dialog box displays a status of "Access Denied." Examples of third-party scripts include Windows PowerShell, JavaScript, and VBScript. Auto-Protect must be enabled. This functionality works for Windows 10 and later computers. See:
Symantec Endpoint Protection Manager
  • The Symantec Endpoint Protection remote console now supports Java 11 instead of Java 8. To access the remote console, open a supported web browser and type the following address in the address box:
    and download new remote console package. Follow the instructions mentioned. The previous version of the Symantec Endpoint Protection Manager remote console is no longer supported. See:
  • You can configure one of the Symantec Endpoint Protection Managers on the site as a master logging server to forward logs to the syslog server. If the master logging server goes offline, a second management server takes over and forwards logs to the syslog server. When the master logging server comes back online, it resumes forwarding the logs. See:
    Configuring a failover server for external logging
  • The Integrations policy has a new option for WSS Traffic Redirection,
    Enable LPS Custom PAC file
    . This option lets you replace the default PAC file that is hosted by the LPS server on the client with a custom PAC file. The custom PAC file solves compatibility issues with third-party applications that do not work with a local proxy server listening on the loopback adapter.
  • Support for the Microsoft SQL Server 2019 database.
  • The antivirus scan process now uses a separate service from the main non-security service. This new scan process brings more efficient memory usage, continual protection, and less dependency on issues with the main service. See:
  • The database schema includes new columns as part of a feature for a future release. (AGENT_SECURITY_LOG_1, AGENT_SECURITY_LOG_2, SEM_AGENT tables)
  • The Rest API has the following fields in the /sepm/api/v1/computers API response JSON to call and download the Computer Status report: quarantineStatus, quarantineCode, wssStatus, pskVersion.
  • Upgraded the following third-party components to newer versions: Apache Tomcat, Boost C++ Libraries, cURL, Jackson-core, jackson-databind, Jakarta Activation, Java, logback, Microsoft JDBC Driver for SQL Server, OpenSC, OpenSSL, Spring Security, spring-framework, sqlite.
  • To enroll the Symantec Endpoint Protection Manager domain in the cloud console, you must first get the enrollment token through the Symantec Endpoint Security console. Previously, you got the enrollment token by clicking
    Get Started
    on the
Client and platform updates
  • The Windows client supports Windows 10 20H1 (Windows 10 version 2004)
  • The Linux client now supports Ubuntu 18.04, RHEL 8, and CentOS 8.
  • The AppRemover tool was updated to a newer version. The AppRemover tool removes third-party applications before you can install the Windows client. For more information on which applications it removes, see:
Features Removed
  • The following notifications no longer show the
    Risk severity
    Risk type
    fields: Risk Outbreak, Single Risk Event, New Risk Detected.
More information