In Advanced Threat Protection (ATP) Platform 3.x or Symantec Endpoint Detection and Response (SEDR) 4.x, when you view a detection from SEPM that contains network information, the "source_port" and "target_port" values retrieved from SEPM appear to be interchanged.
- ATP 3.2.x or EDR 4.x is configured to collect events from SEPM via Synapse.
Please upgrade to SEDR 4.3 to receive a fix for this behavior.
- Please review the Late Breaking News for SEDR version 4.3, available here:
Title: ALERT2700 - Late Breaking News for SEDR 4.3
URL: https://support.symantec.com/us/en/article.alert2700.html?
- As a best practice, please back up and/or document your configuration settings for SEDR 4.3, as documented here:
Title: TECH250717 - Preparation checklist for reinstalling ATP 3.x
URL: https://support.symantec.com/us/en/article.TECH250717.html
- Before upgrading, review the following upgrade walkthrough document:
Title: TECH254119 - Walkthrough - Upgrading multiple SEDR or ATP appliances
URL: https://support.symantec.com/us/en/article.TECH254119.html