To meet the standards of regulatory compliance or to increase security in your environment, you want to restrict communication to use TLS 1.2 between Symantec Endpoint Protection Manager (SEPM) 14, and the clients that it manages. However, you do not want to orphan your clients in the process.
Perform the following tasks to configure client and server communication to only use TLS v1.2.
For all supported operating systems, such as Windows 7, you must do one of the following:
Ensure the computer has Internet Explorer 11 installed, and that TLS 1.2 is enabled under Internet Options > Advanced > Security.
Ensure that TLS 1.2 is enabled under the System account settings. See Technical Information for details how to accomplish this task.
For all unsupported operating systems that run SEP 12.1.x, such as Windows XP / Server 2003, that do not support TLS 1.2, do the following:
Under Policies > Policy Components > Management Server Lists, create a new management server list that uses HTTP, which communicates over port 8014. Add this server’s address, and click OK to save.