Endpoint is unaware of ATP un-enrollment until its private cloud setting is reset

Article ID: 170242

Products

Endpoint Detection and Response, Advanced Threat Protection Platform

Issue/Introduction

When an ATP 3.0 instance configured with a SEPM Controller is shut down, disengaged, or dismantled, and a new ATP instance is created, deployed, or commissioned with the same IP address as the previous instance, the Symantec Endpoint Protection (SEP) clients associated with the SEPM create connections with the new ATP instance as soon as it comes up.

Cause

When an ATP 3.0 instance is configured with a SEPM (14.0 RU1) Controller, as part of the configuration, ATP pushes the Private Cloud Settings to Symantec Endpoint Protection Manager (SEPM) along with ATP's certificate. SEP clients fetch these Private Cloud Settings from SEPM and make connections to the specified IP address. When ATP is shut down or removed without removing the SEPM Controller configurations, Private Cloud Settings are retained on the SEPM and SEP clients.

When a new ATP instance is created or deployed with the same IP address as the previous ATP instance, the Private Cloud Settings are still present on the SEPM and the SEP clients, so all associated SEP clients try to re-create their connections with the new ATP instance.

Environment

ATP 3.0

Resolution

The recommended way to replace an existing ATP instance with another ATP instance is to remove the SEPM Controller configurations in ATP Manager before you shut down the existing ATP instance and set up a new one.

If you have already replaced a previous ATP instance with a new ATP instance and retained the same IP address, follow this step:

  • Add the SEPM Controller connection settings on the Settings > Global page, in the Configure SEPM Controller section, to begin the enrollment process of the endpoints associated with that SEPM.

If you do not want to add a SEPM Controller and prefer to stop endpoints from making connections to the ATP instance, the administrator can make the following changes:

1. In SEPM, click on the Clients tab.
2. Select the Policies tab.
3. Click External Communications Settings.
4. Remove the existing Private Cloud settings.