Are communications between ATP and the SQL server for SEPM encrypted?
SEPM-SQL server is not encrypted by default.
Like Symantec Endpoint Protection Manager (SEPM), Advanced Threat Protection (ATP) server authenticates to SQL Server with a clear text database owner user name and password. To maximize the security posture of remote SQL Server communications, place both servers in the same secure subnet
The following excerpts from documentation for SEP make clear best practices related to communications with the SQL server that hosts the SEPM database: