This document describes the policy serial number as used in Symantec Endpoint Protection.

The policy serial number is used to identify the last time a policy change occurred for a group in the Symantec Endpoint Protection Manager (SEPM).The SEPM updates a group's policy serial number every time that the client's security policy is changed. When a Symantec Endpoint Protection (SEP) client connects to the SEPM, it receives the latest security policies and the latest policy serial number from its manager.

The policy serial number is made of two elements. See the example below:

A3AF-01/30/2012 23:50:54 284

"A3AF" are the first four digits of the Group ID. All Group IDs can be found in %SEPM%\data\outbox\agent. Each Group ID maps to a subfolder in the agent folder which contains all policies for that specific group.

"01/30/2012 23:50:54 284" is the last modification date and time in GMT of the policies for that particular group.

In certain situations, a database maintenance task may clean up stale data, causing the policy serial number to update. This is normal, and there is no actual change to the policy settings.

With SEPM sites in Replication: 

Differences in content and client packages between sites may trigger a policy serial number update: The Policy Serial Numbers for all groups in the Symantec Endpoint Protection Manager are updated after LiveUpdate runs (broadcom.com)