
ATP 3.x or EDR 4.x show a Health Status of Warning or Error for the Secure Endpoint Communication certificate


Article ID: 172871


Updated On:


Endpoint Detection and Response, Advanced Threat Protection Platform


Advanced Threat Protection (ATP) versions 3.0 and higher and Endpoint Detection and Response (EDR) versions 4.0 and higher may show a Health Status of Warning or Error stating that the Secure Endpoint Communication certificate is expiring or has expired.


The certificate that is expiring is the one that ATP 2.3 and earlier used to secure SEP Insight queries on port 8443. In ATP version 3.0 and later, the appliance secures endpoint communication on port 443 with the same certificate as the web interface.


The alert is only cosmetic: the certificate referenced in the message is not used in ATP versions 3.0 and later.

As this issue only impacts EDR appliances that were originally installed as Advanced Threat Protection 2.x, Broadcom Engineering has no plan to address this issue in future releases. For further relief, please do one of the following:

  • Use as is, ignoring the cosmetic error
  • Contact support for manual recovery assistance
  • Reinstall with the latest EDR build

To reinstall with the latest EDR build:
1. If EDR is installed in VMware as a Virtual Edition, check the system requirements for EDR version 4.3 Virtual Edition here:
   - SYMANTEC EDR 4.3 HELP: System requirements for the virtual appliance

2. If you meet the system requirements to install the latest build, prepare to re-image with the steps here:
   - Preparation checklist for re-installing ATP 3.x

3. If EDR is installed on Dell legacy hardware, re-image with osrestore using an ISO:
   - Title: Re-image ATP8880 by inserting an osrestore DVD-ROM

   - Title: Re-image ATP8880 remotely by mapping an iso as a network drive via iDRAC

4. If EDR is installed as a virtual edition, re-deploy using an OVA:
   - Title: Reinstalling SEDR VE