Preparation checklist for reinstalling ATP 3.x or EDR 4.x

Article ID: 171913

Products

Endpoint Detection and Response, Advanced Threat Protection Platform

Issue/Introduction

In preparation for reinstalling Endpoint Detection and Response (EDR), a checklist of required materials is needed.

Resolution

Materials checklist for an EDR scanner

  • Screenshots of the property pages for the EDR scanner within the EDR UI
  • Screenshots or a verbatim log of the output of exportcfg, run at the admin CLI of the EDR Platform
  • Communications password that is shared by the EDR Management Server and EDR scanner
  • Download the .iso or .ova file from https://support.broadcom.com (sign-in required)

Additional materials checklist for an EDR management server or All-In-One

NOTE: Symantec EDR 4.6 adds support for backup and restore of configuration data on the same hardware model. For more details, see the EDR 4.6 Help topic "About exporting/importing Symantec EDR configuration settings".

  • Screenshots of all EDR UI settings
  • Copy of the certificate file that is used to secure the EDR UI
  • Copy of each certificate file that is used to secure communications between EDR and SEPM
  • User name and password for each configured SEP DB connection or SEPM Controller connection
  • Export of EDR Blacklist entries (can be exported through the ATP UI Policies page)
  • Export of EDR Whitelist entries (can be exported through the ATP UI Policies page)
  • Symantec License File (.slf file) for EDR that contains a start_date before the current date and contains an end_date after the current date

The following additional pieces of evidence may be necessary if you are engaged in a technical support case:

  • Backup file produced by the admin CLI command backup
  • Diagnostic file that is collected, with support assistance, by gather_evidence

Additional Information

EDR was formerly known as Symantec Advanced Threat Protection (ATP) Platform.

When preparing a Disaster Recovery plan, the next step is to identify how to reinstall or redeploy EDR/ATP.