SEDR 4.5 events may report empty, blank or misformatted details of events by Antivirus (AV), Memory Exploit (MEM), Sonar, and Intrusion Protection System (IPS)
Article ID: 210261
Updated On:
Products
Endpoint Detection and Response
Endpoint Protection
Issue/Introduction
When events are sent to the EDR from the SEPM, the details of the application/process detection is blank or empty.
Environment
Found in versions 4.5 and SEPM 14.3 RU1 MP1 and earlier.
Cause
SEPM's provided json files are not formatted properly or blank that are provided to EDR.
Resolution
Some of the details will begin to be provided starting in SEDR version 4.6. Changes to the SEPM releases are expected to be fixed in SEPM versions greater than 14.3 RU1 MP1.
Feedback
Yes
No
Powered by
