Lacks native FIM. It focuses on antivirus, SONAR (behavioral detection), and firewall. It does not monitor registry keys, system files, or configuration files for "unauthorized changes" in the traditional FIM sense (e.g., hashing files at rest to detect tampering).
This acts as a real-time FIM for the SEP software itself and critical registry keys. Lacks native FIM
Out of the box, traditional does not include a standalone File Integrity Monitoring (FIM) module comparable to what you would find in a dedicated File Integrity Monitoring solution (e.g., Tripwire, OSSEC, or Qualys FIM). This acts as a real-time FIM for the
In the newer Symantec Endpoint Security (SES) Complete or EDR products (cloud-native), file integrity monitoring is often delivered via File Change Monitoring or through Host Integrity Policies . These track changes to critical operating system files and registry keys, but they are typically tied to the EDR (Endpoint Detection and Response) module rather than a standalone FIM license. These track changes to critical operating system files
In many dedicated security tools, FIM is a standalone module. In Symantec Endpoint Protection, FIM is a sub-component of the system.