Some Endpoint entity pages show clients as Unsupported on SEDR

Article ID: 176196


Products

Endpoint Detection and Response

Issue/Introduction

When reviewing the Entity search or viewing Event data, you may see clients whose hostname is shown as their IP address and whose SEPM group or SEP version information is shown as Unknown or Unsupported.

Cause

This occurs when a SEP client has received the Private Cloud policies and has sent an Insight, SONAR or IPS event through the SEDR Appliance's SEP Proxy, but the client is not in a SEP Group chosen in Group Inclusion. This can also happen if the SEP group the client is a member of has inherited the Private Cloud policies from the My Company group, and the check box for "Apply private cloud policies to all non-default SEPM groups" has not been selected.

Resolution

This issue is addressed in SEDR 4.4 by adding an option which traverses each SEPM group's inherited groups and enrolls those clients as well. This option is labelled 'Include inherited sub-groups automatically' and will need to be manually enabled after the update.




If you are unable to update to SEDR 4.4, please review this workaround:

In order for the SEDR Appliance to gather information about these endpoints, and to gather their related SEP Database events, you will need to review the Group Inclusion list and add the unselected SEP groups that are inheriting settings from an Enrolled group.