The Symantec Endpoint Detection and Response appliance will make periodic API calls to the configured SEPMs to stay updated on which clients are in which groups. If a group name is not returned or a client changes groups, the software unenrolls the clients from ECC 2.0.

In SEPM versions prior to 14.2 RU 1, there was an issue with the Stored Procedure on the SEPM DB which could cause a pagination issue, causing groups to not get listed on the second API call.

The Symantec Endpoint Detection and Response software will remove clients or groups from ECC 2.0 enrollment if this occurs. This will be addressed in a future software release.