Symantec+endpoint+protection+1431215410000+p+patched May 2026

To fully appreciate the "patched" status, we must first break down the versioning scheme:

The string 1431215410000 likely concatenates 14.3.1215.410000 into a single index-friendly identifier used by patch management systems (e.g., Microsoft SCCM, Symantec Patch Manager, or third-party vulnerability scanners). The p in the keyword explicitly flags that this version includes a post-release security or stability patch, meaning the base build has been altered from its original shipped state.

Add a custom detection filter in your vulnerability scanner:

For Qualys/Tenable:

exclude: patch = "1431215410000" AND product = "Symantec Endpoint Protection"

Artifact String: symantec+endpoint+protection+1431215410000+p+patched Subject: Symantec Endpoint Protection (SEP) Classification: Security Software (Modified/Repackaged)

As of 2025, SEP 14.3 RU1 (patched or unpatched) is considered legacy. Broadcom’s current long-term support branches are:

However, many air-gapped, government, and industrial control system (ICS) environments still rely on symantec+endpoint+protection+1431215410000+p+patched due to strict change management policies. If you are still on this build, you should plan an upgrade to at least 14.3 RU7 to receive modern TLS 1.2+ support and detections for post-2023 ransomware families. symantec+endpoint+protection+1431215410000+p+patched

Broadcom provides direct upgrade paths:

Do not attempt to upgrade from the patched 14.3.1215 to a newer release without first removing the hotfix; doing so can cause service crashes.

Fix: Add an application control exception for vpnagent.exe and disable HTTPS decryption for the VPN tunnel IP range. To fully appreciate the "patched" status, we must

Use Section 2 methods. If version is 12.1.x, it is end-of-life (EOL since 2018).

Risk Level: 🔴 HIGH

The presence of the term "patched" in the filename is a major security red flag for the following reasons: The string 1431215410000 likely concatenates 14