search cancel

What is the expected behavior when the Advanced Threat Protection Manager cannot access


Article ID: 164089


Updated On:


Advanced Threat Protection Platform


The server is listed as a requirement for synapse correlation of events gathered from Advancted Threat Protection (ATP): Endpoint. What is the expected behavior if this server is not reachable?


In ATP versions 2.2 and earlier, if the option under Global Settings > Synapse, “Enable Symantec Endpoint Protection Correlation” is enabled, then a connection to is required for the proper operation of the ATP Manager appliance. Otherwise, the system will eventually be filled with queued statistic events destinated to Symantec cloud.  Please note that correlation would still work but it is placing the system into a bad posture per previous statement. ATP 2.2 and earlier must have connectivity to  If not, do not enable “Symantec Endpoint Protection Correlation”.

Starting with ATP 2.3, this connection is not required. ATP 2.3 and later will send telemetry data to the servers if "Send data to Symantec for statistical and diagnostic purposes." is enabled on the Global Settings page, so they are still included in the status_check command.