Late Breaking News for Symantec EDR 4.6


Article ID: 209809


Products

Endpoint Detection and Response

Issue/Introduction

The release notes for Symantec Endpoint Detection and Response (Symantec EDR) 4.6 are available here: https://techdocs.broadcom.com/content/dam/broadcom/techdocs/symantec-security-software/endpoint-security-and-management/endpoint-detection-and-response/generated-pdfs/sedr_release_notes_4.6.pdf

Cause

New issues discovered after the 4.6 release are listed below.

Resolution

EDR 4.6.8

The Symantec EDR team investigated the log4j vulnerability described in CVE-2021-44228.  Some components of the EDR on-premises appliance contain log4j versions that are known to be exposed to the vulnerability and may be impacted.  

For EDR 4.6.0, 4.6.5, and 4.6.7, a hotfix is available to address the log4j vulnerability: atp-patch-generic-4.6-1. This hotfix also includes a security update for CVE-2021-45046.


For versions of EDR earlier than 4.6.0, Symantec strongly recommends that you upgrade to EDR 4.6.8 to ensure your environment is protected from CVE-2021-44228 and CVE-2021-45046.  

-----------------------------------------------------------

EDR 4.6.7

Upgrade to Symantec EDR 4.6.7 to update nginx 1.20.1. 

Error 500 returned from SEPM when Symantec EDR tries to add new items to the Exceptions policy after updating to 14.3 RU2

-----------------------------------------------------------

EDR 4.6.5

Symantec EDR 4.6.5 supports Mac agent endpoint enrollment when you upgrade to SEP 14.3 RU2.  After the upgrades to Symantec EDR 4.6.5 and SEP 14.3 RU2, Mac endpoints can forward the following event types to Symantec EDR:

  • 8001:  Process Event
  • 8003:  File Event
  • 8016:  Startup Application Configuration Change

Adding groups to SEPM Group Inclusions never completes

After upgrading the appliance to version 4.5.0, it is not possible to include SEPM groups for EDR to manage. The groups are selected and the configuration is saved, but the groups are never included, and the screen remains in a processing state. This is resolved in 4.6.5.

Multiple performance enhancements

Symantec EDR 4.6.5 includes several internal database changes that tune performance for environments with high client counts and VDI clients.

Additional Information

Please note:

No installation package is available for Symantec EDR versions 4.6.5 or 4.6.7.  To install Symantec EDR versions 4.6.5 or 4.6.7 on a new EDR appliance, install Symantec EDR version 4.6 and upgrade to 4.6.5 or 4.6.7 using the supported upgrade methods for the Symantec EDR CLI and web user interface.