Advanced Threat Protection (ATP) may loose its connection with Symantec Endpoint Protection (SEPM) if multiple SEPM Admin accounts were used when configuring the communication settings initially.

The SEPM Status in Global Settings > Endpoint Detection and Response > Symantec Endpoint Protection Manager (SEPM) Web Servers may show a Connection Error.

Verify the SEPM Admin account's validity:

• Navigate to SEPM's Web Service Application Registration page: https://<SEPM_IP_Address>:8446/sepm/webservices
  • The account and password should be same as the one used to logon to SEPM itself.
  • If no separate Domains were configured in SEPM, leave the Endpoint Protection Domain blank.
  • If separate SEPM Domains exist, provide the apppropriate credentials. (Note: In this case to logon to the Default Domain, type in "Default")

In the Web Service Application Registration page, the entry that corresponds to the SEPM accounts to be verified are in the "Application Name" column.
The entry format is <SEPM_Domain>/<SEPM_User>:web.

In the example below, the SEPM Domain is the default "Default" Domain, and the user is "admin".
If an account is listed that is no longer applicable select the appropriate Application name entry and click on the "Delete Application" Task.