What is the expected behavior when the Advanced Threat Protection Manager cannot access synapse.symantec.com?

Article ID: 164089

Updated On:

Products

Advanced Threat Protection Platform

Issue/Introduction

The https://synapse.symantec.com server is listed as a requirement for Synapse correlation of events gathered from Advanced Threat Protection (ATP): Endpoint. What is the expected behavior if this server is not reachable?

Resolution

In ATP versions 2.2 and earlier, if the option “Enable Symantec Endpoint Protection Correlation” under Global Settings > Synapse is enabled, a connection to https://synapse.symantec.com is required for proper operation of the ATP Manager appliance. Without it, the system will eventually fill up with queued statistics events destined for the Symantec cloud. Correlation itself would still work, but the queued events put the system in a bad state, as described above. ATP 2.2 and earlier must have connectivity to synapse.symantec.com; if they do not, do not enable “Symantec Endpoint Protection Correlation”.

Starting with ATP 2.3, this connection is not required. ATP 2.3 and later will send telemetry data to the servers if "Send data to Symantec for statistical and diagnostic purposes." is enabled on the Global Settings page, so the servers are still included in the status_check command.