Endpoint searches appear to be stopped or hung in the SEDR web interface. They do not appear to progress when you monitor them.
There is a CPU usage spike. This could manifest in EDR by showing different symptoms.
2021-01-23 05:05:46,587 [http-nio-127.0.0.1-8011-exec-15] WARN c.s.p.identity.tokens.AmqpConnection - AMQP Connection to RabbitMQ [[localhost:5672]:/] successful!
2021-01-27 06:01:06,071 [http-nio-127.0.0.1-8011-exec-185] WARN com.symantec.platform.r3.router.R3Request - unexpected error parsing the token com.symantec.platform.identity.tokens.TokenException: invalid_token - General token decode failure: Invalid serialized unsecured/JWS/JWE object: Missing part delimiters
This will not affect the S550 or 8880 (dell R730) where the SEDR appliance has more than 192 GB of memory installed. All other appliances could experience this.
This is resolved in SEDR 4.6 please upgrade to EDR version 4.6.