search cancel

Are Advanced Threat Protection platform or Symantec Endpoint Detection and Response appliance software FIPS compliant?


Article ID: 150939


Updated On:


Endpoint Detection and Response Advanced Threat Protection Platform Endpoint Protection with Endpoint Detection and Response


 You may have a requirement for Windows servers and/or clients to be in FIPS mode.


Release : SEP 14.3.x, EDR 4.6.x

Windows 10 and Windows Server 2012 and newer will have this registry key enabled:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy "Enabled"=dword:00000001


The ATP and SEDR appliances are not FIPS compliant under any software version. SEP Clients on FIPS-mode enabled Windows will not be able to Enroll to the appliances for the ECC 2.0 feature.

Some window server stays with 'Not connected' when connecting to EDR, on EDR console it shows 'authentication pending, If FIPS mode is enabled.

There may be several other clients of the same group in SEPM that are connected to EDR from the same network segment.

In Client debug logs:

2021/12/17 13:44:39.621 [2552:3696] edrmanagement: Failed to get Dynamic\EDR\Management\CMP\Config\enabled property. Use default value = 0x1(true)..
2021/12/17 13:44:39.624 [2552:3696] edrmanagement: Data 'Reenrolling' is not found. Use default value '0'
2021/12/17 13:44:41.213 [2552:4820] <SetHIContentInfo>: g_CVEHandler is null!

Disable FIPS mode.

Registry Path: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\FipsAlgorithmPolicy
Change Enabled value to 0.

Additional Information