Endpoint searches appear to be stopped or hung in the SEDR web interface. They do not appear to progress when you monitor them.
There is a CPU usage spike that could occur on the SRE service. Heap starvation may occur and some processes may get blocked indefinitely.
In the epmp_r3.log file Excessive "TokenException" warnings start showing.
2021-01-23 05:05:46,587 [http-nio-127.0.0.1-8011-exec-15] WARN c.s.p.identity.tokens.AmqpConnection - AMQP Connection to RabbitMQ [[localhost:5672]:/] successful! 2021-01-27 06:01:06,071 [http-nio-127.0.0.1-8011-exec-185] WARN com.symantec.platform.r3.router.R3Request - unexpected error parsing the token com.symantec.platform.identity.tokens.TokenException: invalid_token - General token decode failure: Invalid serialized unsecured/JWS/JWE object: Missing part delimiters
This will not affect the S550 or 8880 (dell R730) where the SEDR appliance has more than 192 GB of memory installed. All other appliances could experience this.
This is resolved in SEDR 4.6 please upgrade to EDR version 4.6.
TSE see internal notes.