ATP 3.0 can take longer than expected to Enroll, Isolate or Rejoin EDR2 clients after the migration from ATP 2.3 to 3.0

Article ID: 170431

Products

Advanced Threat Protection Platform

Issue/Introduction

You upgraded the Advanced Threat Protection appliance to ATP 3.0, but it takes an hour or more for the SEP 14 RU1 clients to get enrolled in EDR2. You also notice a long delay for Isolate and Rejoin commands if the clients are configured for Push mode.

Cause

ATP does not begin enrolling clients immediately after the upgrade. Instead, the ATP software waits for the next SEPM gatherer job, which runs every 60 minutes.

ATP still relies on the SEP client's heartbeat to deliver the Isolate and Rejoin commands, so depending on the heartbeat value, the commands can take longer than expected to complete.

Resolution

This will be addressed in a future release of ATP. Until then, this is expected behavior.