After configuring the SEP Policies in Advanced Threat Protection (ATP) Platform, proxy and submissions settings in the External Communications policy on the Endpoint Protection Manager (SEPM) are reset to default values.

If clients need to connect to ATP through a proxy, this will result in multiple clients showing "Authentication Pending" status under Enrollment Statistics indefinitely. 

- In the network design for this environment, the Endpoint Protection (SEP) clients may need to use a proxy to communicate with ATP Platform management server or ATP Platform All-In-One.

ATP currently utilizes the PUT method to update the Private Cloud settings through the SEPM's REST API.  This will overwrite the existing External Communications policy with the configured settings.  Utilizing the PATCH method will edit the existing policy with the new settings.

https://apidocs.symantec.com/home/SAEP#_patchgroupexternalcommunication

Attempting to update the Private Cloud settings through the SEPM's REST API by using the PUT method will also result in this behavior.

To check whether this is a known issue

1. Within SEPM, navigate to Clients, and select a client group.
2. On the client group's policy settings, click External Communications policy
3. On the Proxy tab, check whether the Proxy settings are pointing at the correct proxy.

If the Proxy settings no longer point to a proxy that was previously configured...

1. To temporarily workaround. re-configure the External Communications policy so that the SEP client group points at the correct proxy
2. To prevent ATP from changing the contents of the Proxy tab again, contact support for assistance with applying a hotfix to ATP Platform.