search cancel

Configuring Endpoint Detection and Response with replicating Endpoint Protection Manager databases


Article ID: 175119


Updated On:


Advanced Threat Protection Platform Endpoint Detection and Response


Consider the following scenario:

  1. There are 3 Symantec Endpoint Protection Manager (SEPM) sites: SEPM A , SEPM B & SEPM C.
  2. SEPM A, SEPM B are in replication, and SEPM C is a standalone site.
  3. Only one Advanced Threat Protection (ATP) / Endpoint Detection and Response (EDR) Manager.


ATP treats each SEPM as an individual identity, hence we always enable the option 'Replication is enabled between all SEPM's.', when adding replicating SEPM databases.


In above situation, as a best practice we either can keep Replication sites or standalone site. Or uncheck the replication option and configure as follows:

  1. Add SEPM database for standalone SEPM server (SEPM C).
  2. Add only one database server from replicating sites, 'SEPM B' or 'SEPM C'.

Note: Please make sure the number of SEP clients as per Sizing guidelines.