
Network Scanner is not inspecting the traffic


Article ID: 163434


Products

Symantec Products

Issue/Introduction

ATP 2.0.3-10 has been deployed on an ESXi server. The Network Scanner does not show any traffic, while the Endpoint component does.

Looking at /proc/net/pf_ring/*eth* shows that the pf_ring module is receiving no packets, which means no packets are being handed to packet inspection via pf_ring:

6227-eth1.1:Tot Packets        : 0
6227-eth2.5:Tot Packets        : 0
6228-eth1.4:Tot Packets        : 0
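The zero counters above are the symptom to check for first. The following POSIX shell script is an added example, not part of this article or of Symantec's tooling; it reads the per-socket files under /proc/net/pf_ring, reports every socket whose "Tot Packets" line is 0, and returns a count that a cron job or monitoring check can alert on. The file layout it assumes (one <pid>-<iface>.<n> file per socket, each containing a "Tot Packets : N" line) matches the grep output shown above; the sample directory it builds is constructed so the check can be run off the appliance.

```shell
#!/bin/sh
# Added example (not Symantec's code): flag pf_ring sockets that have seen no packets.
# Assumes /proc/net/pf_ring/<pid>-<iface>.<n> files each carry a "Tot Packets : N" line,
# as in the article's grep output.

# Print "<socket>: Tot Packets = 0" for every socket file in DIR whose counter is zero.
# DIR defaults to the real /proc/net/pf_ring when run on the appliance.
pfring_zero_sockets() {
    dir="${1:-/proc/net/pf_ring}"
    for f in "$dir"/*eth*; do
        [ -f "$f" ] || continue
        # Take the value after the colon on the "Tot Packets" line, stripping blanks.
        pkts=$(awk -F: '/^Tot Packets/ { gsub(/[ \t]/, "", $2); print $2; exit }' "$f")
        if [ "${pkts:-0}" -eq 0 ]; then
            echo "$(basename "$f"): Tot Packets = 0"
        fi
    done
}

# Number of zero-packet sockets, suitable for a monitoring threshold (0 is healthy).
pfring_zero_count() {
    pfring_zero_sockets "$1" | wc -l | tr -d ' '
}

# Constructed sample directory mimicking the article's three idle sockets plus one
# socket that does see traffic, so the check can be exercised without the appliance.
make_sample_dir() {
    d=$(mktemp -d)
    for s in 6227-eth1.1 6227-eth2.5 6228-eth1.4; do
        iface=${s#*-}; iface=${iface%.*}
        printf 'Bound Device(s)    : %s\nTot Packets        : 0\nTot Pkt Lost       : 0\n' \
            "$iface" > "$d/$s"
    done
    printf 'Bound Device(s)    : eth2\nTot Packets        : 15342\nTot Pkt Lost       : 0\n' \
        > "$d/6229-eth2.7"
    echo "$d"
}

# Stand-alone demo against the constructed sample. On the appliance, call
# pfring_zero_sockets with no argument to read the real /proc/net/pf_ring.
demo_dir=$(make_sample_dir)
pfring_zero_sockets "$demo_dir"
echo "zero-packet sockets: $(pfring_zero_count "$demo_dir")"
rm -rf "$demo_dir"
```

If the count is non-zero after the vSwitch change below, the capture path is still broken before pf_ring, so there is no point looking at the inspection service logs yet.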

Cause

The vSwitches serving the ATP box's WAN port (connected to network adapter 2) and LAN port (connected to network adapter 3) have not been configured with promiscuous mode set to Accept, so the virtual NICs only receive frames addressed to them and never see the mirrored traffic.

Resolution

Make sure the vSwitches that ATP Network Adapter 2 (WAN) and Network Adapter 3 (LAN) are attached to have promiscuous mode set to Accept.

After making the change, follow these steps:

1) Log in as root and make sure packet_inspection_process and file_inspection_process_host are in the RUNNING state:

 /opt/symantec/sgs-td/bin/shmc service all:status

2) Visit symantecatp.com and download a few test files from the site.

3) Traffic should now be inspected. You should see the fastlog_pi and service_host_file_inspection_process_host.log files being updated.

4) The UI dashboard will be updated with the inspected-traffic information within a few minutes.