In Advanced Threat Protection (ATP) Platform 3.x or Symantec Endpoint Detection and Response (SEDR) 4.x, when viewing a detection from SEPM which contains network information, "source_port" and "target_port" retrieved from SEPM seem to be interchanged.
- ATP 3.2.x or EDR 4.x is configured to collect events from SEPM via Synapse.
Please upgrade to SEDR 4.3 to receive a repair for this behavior.
- Please review the Late Breaking News for SEDR version 4.3, available here:
Title: ALERT2700 - Late Breaking News for SEDR 4.3
- As a best practice, please backup and/or document your configuration settings for SEDR 4.3, as documented here:
Title: TECH250717 - Preparation checklist for reinstalling ATP 3.x
- Before upgrading, review the following walkthrough document for upgrade:
Title: TECH254119 - Walkthrough - Upgrading multiple SEDR or ATP appliances