When a Symantec Endpoint Protection (SEP) endpoint is moved from one Symantec Endpoint Protection Manager (SEPM) site to another, Advanced Threat Protection (ATP) may not recognize that the endpoint is now managed by the other SEPM site. Moving a SEP client from one SEPM site to another can result in ATP sending commands to the wrong SEPM and never completing. This move within SEPM can also result in group/OS information being incorrect in the ATP user interface.

One or more SEP clients report to more than one SEPM sites, but those SEPM sites do not replicate with each other.

If you plan to connect multiple SEPM sites to ATP and those SEPM sites do not replicate to each other, manually remove any endpoint client from a SEPM site before moving it to a new SEPM site.