Hello all, my SEPM is at level 12.1.6860.6400, do I need to upgrade it to 12.1.6867.6400 ?

Thanks.

There has been a few patches & security fixes, so yes, I'd upgrade to the new version.

I have the same version as yours currently on all of my 5 sites and I plan to upgrade them next week to the latest version.

No you don't have to upgrade basically they both are the same version.

here is official response.

"There was a certificate problem with the original MP4 build (12.1.6860.6400) which caused *some* but not all customers issues during the installation of the maintenance patch. If you didn’t encounter any problems during the installation, then you should be covered and protected from the vulnerability. 

look at TTiger's response in the below thread,

https://www-secure.symantec.com/connect/forums/sep-121-ru6-mp4-now-available-download#comment-11598021 

Note: you don't have to upgrade unless you face any challenge during installation.

Hello,

There are few fixes and it takes care of the latest critical Symantec Vulnerability -  SYM16-003

https://www.symantec.com/security_response/securityupdates/detail.jsp?fid=security_advisory&pvid=security_advisory&year=&suid=20160317_00

12.1 RU6 MP4 (12.1.6 MP4)

• Build number: 12.1.6867.6400
• Release date: 15 Mar 2016
• More information: New fixes in Symantec Endpoint Protection 12.1.6 MP4

• Bandwidth throttling for Group Update Providers.
• Automatic exclusions for Veritas-branded product components and archives for Backup Exec, NetBackup, and System Recovery.
• Reports now include and display file hash information.
• Notification area icon for Ubuntu 14.04.

Regards,

The thing is... their reply states:

"If you didn’t encounter any problems during the installation, then you should be covered and protected from the vulnerability"

"Should" is not good enough. I would rather be on the latest version, knowing that I will be covered & protected, if I am honest with you...

well yes, but the initial release itself was carrying the fix in the first place. End of the day it you who are going to call the shots.

Hi

According with Tech Support the difference between .60 and .67 is a Comodo certificate.

If there's an issue with the .60 will appear during installation.

Please review the TECH134495, Note: Only the signing aspects were changed in this specific build; no functional code changes were made.

Error: "The installer integrity check failed…" when installing Endpoint Protection Manager or client

https://support.symantec.com/en_US/article.TECH234495.html

This issue does not impact the majority of computers; however; in rare cases computers may not have updated root certificates or the computers may have been configured to not trust the Comodo certificate in question.

It seems unless computers are impacted due to certifcate problem it's not required to upgrade SEPM/SEP client because this issue only impacts the installation of the product.

Symantec published KB article to explain more about this problem. I will recommend to go through it:

Article: Error: "The installer integrity check failed…" when installing Endpoint Protection Manager or client

URL: http://www.symantec.com/docs/TECH234495