SEDR 4.5 events may report empty, blank or misformatted details of events by Antivirus (AV), Memory Exploit (MEM), Sonar, and Intrusion Protection System (IPS)

Article ID: 210261

Products

Endpoint Detection and Response, Endpoint Protection

Issue/Introduction

When events are sent from the SEPM to the EDR, the details of the application/process detection are blank or empty.

Cause

The JSON files that SEPM provides to EDR are blank or not formatted properly.

Environment

Found in SEDR version 4.5 and in SEPM 14.3 RU1 MP1 and earlier.

Resolution

Some of the details will begin to be provided starting in SEDR version 4.6. The SEPM side of the issue is expected to be fixed in SEPM versions later than 14.3 RU1 MP1.