search cancel

ATP 2.0 may not recognize that the SEP endpoint is now managed by another SEPM instance

book

Article ID: 162736

calendar_today

Updated On:

Products

Symantec Products

Issue/Introduction

When a Symantec Endpoint Protection (SEP) endpoint is moved from one Symantec Endpoint Protection Manager (SEPM) site to another, Advanced Threat Protection (ATP) may not recognize that the endpoint is now managed by the other SEPM site. Moving a SEP client from one SEPM site to another can result in ATP sending commands to the wrong SEPM and never completing. This move within SEPM can also result in group/OS information being incorrect in the ATP user interface.

Cause

One or more SEP clients report to more than one SEPM sites, but those SEPM sites do not replicate with each other.

Resolution

If you plan to connect multiple SEPM sites to ATP and those SEPM sites do not replicate to each other, manually remove any endpoint client from a SEPM site before moving it to a new SEPM site.