ATP 3.x or EDR 4.x show a Health Status of Warning or Error for the Secure Endpoint Communication certificate
Article ID: 172871
Updated On:
Products
Endpoint Detection and Response
Advanced Threat Protection Platform
Issue/Introduction
Advanced Threat Protection versions 3.0 and higher and Endpoint Detection 4.0 and higher may show a Health Status regarding the Secure Endpoint Communication certificate expiring or is expired.
Cause
The certificate that is expiring is the cert that ATP 2.3 and earlier used for securing the SEP Insight queries on port 8443. Since ATP version 3.0 and later, the ATP secures the Endpoint communication on port 443 with the same certificate as the web interface.
Resolution
The alert is only cosmetic, the certificate referenced in the message is not used in ATP versions 3.0 and later.
As this issue only impacts EDR appliances that were originally installed as Advanced Threat protection 2.x, Broadcom Engineering has no plan to address this issue in future releases. For further relief, please do one of the following:
To reinstall with the latest EDR build
1. If EDR is installed into VMWare as a Virtual Edition, check system requirements for EDR version 4.3 Virtual Edition, here:
- SYMANTEC EDR 4.3 HELP: System requirements for the virtual appliance
http://techdocs.broadcom.com/content/broadcom/techdocs/us/en/symantec-security-software/endpoint-security-and-management/endpoint-detection-and-response/4-3/INSTALL_AND_SET_UP_2/system-requirements-for-the-virtual-appliance-v96381064-d38e7045.html#v96381064
2. If you meet system requirements to install the latest build, prepare to re-image with the steps here:
- Preparation checklist for re-installing ATP 3.x
https://knowledge.broadcom.com/external/article?legacyId=TECH250717
3. If EDR is installed on Dell legacy hardware, osrestore using an ISO
- Title: Re-image ATP8880 by inserting an osrestore DVD-ROM
https://symwisedownload.symantec.com//resources/sites/SYMWISE/content/live/DOCUMENTATION/11000/DOC11183/en_US/satp_administration_guide_3.2.pdf?__gda__=1539352820_e6707dd9b6220cbaa6cb701af9140e72#v109793675
- Title: Re-image ATP8880 remotely by mapping an iso as a network drive via iDRAC
https://knowledge.broadcom.com/external/article?legacyId=HOWTO111549
4. If EDR is installed as a virtual edition, re-deploy using an OVA:
- Title: Reinstalling SEDR VE
URL: https://symwisedownload.symantec.com//resources/sites/SYMWISE/content/live/DOCUMENTATION/11000/DOC11183/en_US/satp_administration_guide_3.2.pdf?__gda__=1539371113_bfb59306905e7616e78d2e5e249cdab7#v109793680
As this issue only impacts EDR appliances that were originally installed as Advanced Threat protection 2.x, Broadcom Engineering has no plan to address this issue in future releases. For further relief, please do one of the following:
- Use as is, ignoring the cosmetic error
- Contact support for manual recovery assistance -OR-
- Reinstall with the latest EDR build
To reinstall with the latest EDR build
1. If EDR is installed into VMWare as a Virtual Edition, check system requirements for EDR version 4.3 Virtual Edition, here:
- SYMANTEC EDR 4.3 HELP: System requirements for the virtual appliance
http://techdocs.broadcom.com/content/broadcom/techdocs/us/en/symantec-security-software/endpoint-security-and-management/endpoint-detection-and-response/4-3/INSTALL_AND_SET_UP_2/system-requirements-for-the-virtual-appliance-v96381064-d38e7045.html#v96381064
2. If you meet system requirements to install the latest build, prepare to re-image with the steps here:
- Preparation checklist for re-installing ATP 3.x
https://knowledge.broadcom.com/external/article?legacyId=TECH250717
3. If EDR is installed on Dell legacy hardware, osrestore using an ISO
- Title: Re-image ATP8880 by inserting an osrestore DVD-ROM
https://symwisedownload.symantec.com//resources/sites/SYMWISE/content/live/DOCUMENTATION/11000/DOC11183/en_US/satp_administration_guide_3.2.pdf?__gda__=1539352820_e6707dd9b6220cbaa6cb701af9140e72#v109793675
- Title: Re-image ATP8880 remotely by mapping an iso as a network drive via iDRAC
https://knowledge.broadcom.com/external/article?legacyId=HOWTO111549
4. If EDR is installed as a virtual edition, re-deploy using an OVA:
- Title: Reinstalling SEDR VE
URL: https://symwisedownload.symantec.com//resources/sites/SYMWISE/content/live/DOCUMENTATION/11000/DOC11183/en_US/satp_administration_guide_3.2.pdf?__gda__=1539371113_bfb59306905e7616e78d2e5e249cdab7#v109793680
Feedback
Yes
No
Powered by
