Configuring Endpoint Detection and Response with replicating Endpoint Protection Manager databases

Article ID: 175119

Products

Advanced Threat Protection Platform Endpoint Detection and Response

Issue/Introduction

Consider the following scenario:

  1. There are 3 Symantec Endpoint Protection Manager (SEPM) sites: SEPM A, SEPM B, and SEPM C.
  2. SEPM A and SEPM B are in replication, and SEPM C is a standalone site.
  3. There is only one Advanced Threat Protection (ATP) / Endpoint Detection and Response (EDR) Manager.

Cause

ATP treats each SEPM as an individual identity, so we always enable the option 'Replication is enabled between all SEPM's.' when adding replicating SEPM databases.

Resolution

In the above situation, as a best practice, keep either the replicating sites or the standalone site. Alternatively, uncheck the replication option and configure as follows:

  1. Add SEPM database for standalone SEPM server (SEPM C).
  2. Add only one database server from replicating sites, 'SEPM B' or 'SEPM C'.

Note: Please make sure the number of SEP clients is as per the sizing guidelines.