EDR intermittently uses IPv6 address for Endpoint IP address even if its IPv4 address is available
book
Article ID: 190482
calendar_today
Updated On:
Products
Endpoint Detection and Response
Issue/Introduction
Endpoint Detection and Response (EDR) appliance console sets the Internet Protocol (IP) address of an endpoint entity based on the last connected IP address.
If the last connected IP address is part of the list of IP addresses that Symantec Endpoint Protection Manager (SEPM) sends to EDR, then EDR uses the last connected IP address.
If the last connected IP address is not part of the list of IP addresses SEPM sends to EDR for an endpoint, then we use the first element of the list of IP addresses from SEPM.
This current behavior would permit EDR to favor use of an IPv6 address when an IPv4 address is available.
Environment
EDR appliance console is installed in a network environment with SEPM where SEP Clients are installed on machines with both IPv4 and IPv6 addresses.