Symantec Endpoint Detection and Response (SEDR) supports submitting files to the Content Analysis Service / Malware Analysis (CAS/MA) appliance for sandbox analysis. Users have configured the settings in SEDR appliance console to use on-premises sandboxing, but files aren't submitted.
The Malware Analysis (MA) feature of the Content Analysis Server (CAS), or CAS/MA, accepts incoming files on the same HTTPS port for its User Interface (UI). The default port for CAS/MA HTTPS UI is port 8082. The UI of CAS/MA appliance may be configured to accept HTTPS traffic for its UI on any single port above 1025. Changing the HTTPS port for the CAS/MA UI also changes the port for the listener for the onbox malware analysis feature of CAS/MA.
If you receive a specific error message after specifying the port number, please troubleshoot each specific error message as a separate issue. For intermittent connectivity issues, at the SEDR CLI, use the following command to check network connectivity between the management interface of the SEDR appliance console and the HTTPS UI port of CAS/MA
tcp_check IP_ADDRESS PORT
... where IP_ADDRESS is the actual ip address of the CAS/MA UI and PORT is the actual tcp port where CAS/MA serves its user interface.