ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.
Thousands of new Incidents after upgrade to SEDR 4.0.0
Article ID: 173338
Updated On:
Products
Endpoint Detection and Response
Issue/Introduction
After upgrading to Symantec Endpoint Detection and Response (SEDR) 4.0.0, the number of Incidents logged each day suddenly increase to a number in the thousands.
Cause
Resolution
Symantec is investigating at this time.
If an excessive number of incidents are created following upgrade, review Incidents to identify if a single process is triggering multiple incidents. Within the user interface of SEDR, navigate to Incidents, rather than Search to examine the number of Incidents created.
To request that a particular Incident rule be disabled, create a new case with Symantec Technical Support for further assistance. Work with support to attach the following to the case:
- screenshot evidence showing that the rule creating the incident or event is creating a number of like incidents or events
- an export of the events with the type_id of 4100 during the timeframe following the upgrade
- an export of the incidents that are undesired
- diagnostic via gather_evidence
Feedback
Yes
No
Powered by
