search cancel

EDR intermittently uses IPv6 address for Endpoint IP address even if its IPv4 address is available

book

Article ID: 190482

calendar_today

Updated On:

Products

Endpoint Detection and Response

Issue/Introduction

Endpoint Detection and Response (EDR) appliance console sets the Internet Protocol (IP) address of an endpoint entity based on the last connected IP address. 

If the last connected IP address is part of the list of IP addresses that Symantec Endpoint Protection Manager (SEPM) sends to EDR, then EDR uses the last connected IP address. 

If the last connected IP address is not part of the list of IP addresses SEPM sends to EDR for an endpoint, then we use the first element of the list of IP addresses from SEPM. 

This current behavior would permit EDR to favor use of an IPv6 address when an IPv4 address is available.

Environment

EDR appliance console is installed in a network environment with SEPM where SEP Clients are installed on machines with both IPv4 and IPv6 addresses.

Resolution

This issue is resolved in SEDR 4.5.0.