Configuring Endpoint Detection and Response with replicating Endpoint Protection Manager databases
Article ID: 175119
Products
Advanced Threat Protection Platform
Endpoint Detection and Response
Issue/Introduction
Consider the following scenario:
There are 3 Symantec Endpoint Protection Manager (SEPM) sites: SEPM A, SEPM B and SEPM C.
SEPM A and SEPM B are in replication, and SEPM C is a standalone site.
There is only one Advanced Threat Protection (ATP) / Endpoint Detection and Response (EDR) Manager.
Cause
EDR treats each SEPM as an individual identity, hence we always enable the option 'Replication is enabled between all SEPM's.' when adding replicating SEPM databases.
Resolution
In the above situation, as a best practice, keep either the replication sites or the standalone site. Alternatively, uncheck the replication option and configure as follows:
Add SEPM database for standalone SEPM server (SEPM C).
Add only one database server from the replicating sites, 'SEPM B' or 'SEPM C'.