Are Advanced Threat Protection platform or Symantec Endpoint Detection and Response appliance software FIPS compliant?

Article ID: 150939

Products

Endpoint Detection and Response
Advanced Threat Protection Platform
Endpoint Protection with Endpoint Detection and Response

Issue/Introduction

You may have a requirement for Windows servers and/or clients to be in FIPS mode.

Environment

Release: SEP 14.3.x, EDR 4.6.x

Windows 10 and Windows Server 2012 and newer in FIPS mode will have this registry value enabled:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy "Enabled"=dword:00000001

Resolution

The ATP and SEDR appliances are not FIPS compliant under any software version. SEP clients on FIPS-mode-enabled Windows will not be able to enroll with the appliances for the ECC 2.0 feature.

If FIPS mode is enabled, some Windows servers stay at 'Not connected' when connecting to EDR, and the EDR console shows 'authentication pending'.

There may be several other clients of the same group in SEPM that are connected to EDR from the same network segment.

In the client debug logs:

2021/12/17 13:44:39.621 [2552:3696] edrmanagement: Failed to get Dynamic\EDR\Management\CMP\Config\enabled property. Use default value = 0x1(true)..
2021/12/17 13:44:39.624 [2552:3696] edrmanagement: Data 'Reenrolling' is not found. Use default value '0'
2021/12/17 13:44:41.213 [2552:4820] <SetHIContentInfo>: g_CVEHandler is null!

Disable FIPS mode.

Registry Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy
Change Enabled value to 0.
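
The check and change described above, as an added PowerShell example (not part of the original article or of Symantec's tooling). The function names are hypothetical, and an elevated PowerShell session is assumed.

```powershell
# Added example: read, and optionally clear, the FIPS policy value named in this article.
# Function names are hypothetical; run from an elevated PowerShell session.
$FipsKey = 'HKLM:\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy'

function Get-FipsPolicyState {
    # Returns the current "Enabled" DWORD, or $null when the key or value is absent.
    if (-not (Test-Path -Path $FipsKey)) { return $null }
    $prop = Get-ItemProperty -Path $FipsKey -Name 'Enabled' -ErrorAction SilentlyContinue
    if ($null -eq $prop) { return $null }
    return [int]$prop.Enabled
}

function Disable-FipsPolicy {
    # SupportsShouldProcess gives -WhatIf / -Confirm so the write can be previewed first.
    [CmdletBinding(SupportsShouldProcess = $true, ConfirmImpact = 'High')]
    param()

    $before = Get-FipsPolicyState
    if ($null -eq $before) {
        Write-Output 'FipsAlgorithmPolicy\Enabled is not present; nothing to change.'
        return
    }
    if ($before -eq 0) {
        Write-Output 'FIPS mode is already disabled (Enabled = 0).'
        return
    }
    if ($PSCmdlet.ShouldProcess($FipsKey, "Set Enabled from $before to 0")) {
        Set-ItemProperty -Path $FipsKey -Name 'Enabled' -Value 0 -Type DWord
        Write-Output "Enabled changed from $before to $(Get-FipsPolicyState)."
    }
}

# Report the current state, then preview the change without writing anything.
"Current Enabled value: $(Get-FipsPolicyState)"
Disable-FipsPolicy -WhatIf
```

Run `Disable-FipsPolicy` without `-WhatIf` to apply the change. If the value is set through the Group Policy setting "System cryptography: Use FIPS compliant algorithms for encryption, hashing, and signing", it will be re-applied at the next policy refresh, so change it there instead.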
