The SEDR appliance console does not display some Targeted Attack Analytics (TAA) incidents


Article ID: 192197


Updated On:


Advanced Threat Protection Platform Endpoint Detection and Response


When reviewing TAA incidents it is noted that some TAA incidents are not displayed in the Symantec Endpoint Detection and Response (SEDR) console.


  1. Verify that TAA incidents are being received by opening the command prompt on a SEP client and running
    start cmd /k echo TAA-EICAR
  2. If no TAA incidents are generated after 1 hour, reboot the appliance and repeat step #1
  3. Should step 2 not resolve the issue, please collect a diagnostics ( and open a case with Symantec Technical Support