For Advanced Threat Protection or Symantec Endpoint Detection and Response, when using Synapse with the Email Security.cloud correlation feature, you see an error regarding invalid credentials.
The Health Status may also show the message, "Synapse Email correlation is malfunctioning: please check configuration." or "Invalid synapse config"
This is indicating that, as the error states, the specified user or password is invalid. This can happen at any time given that ClientNet passwords can expire if configured as such.
NOTE: When testing username and password via https://clients.messagelabs.com, please remember that accounts with 2 Factor authentication enabled do not require a unique VIP token specified for each secondary login. Also, if you use a primary login to reset the password of a secondary account, you actually create a temporary password. The first time the secondary is used to login, it will be required to set a new password. Until this permanent reset occurs, ATP will not be able to use the credentials for the secondary login to authenticate and retrieve events from Email Security.cloud.