Full dumps or Process Dumps do not progress to completion

Article ID: 211289

Products

Endpoint Detection and Response

Issue/Introduction

You request a full dump, a process dump, or multiple dumps in the EDR web user interface. The dump or dumps do not complete, and no failure is shown.

Cause

The dump request is queued if the clients are unable to reach EDR on the HTTP port. If the dump is queued and the port is not open, the request never completes.

Resolution

The SEP client needs to connect to port 80 of the SEDR appliance. This allows EDR to receive the necessary communication to process the request for a full dump, a process dump, or multiple dump requests.

Please ensure port 80 is open in your network environment.
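One way to check this from a SEP client before filing a change request, as an added PowerShell example (not from the Symantec documentation). The function name `Test-EdrPort` and the host `edr-appliance.example.com` are placeholders, and the hints are general TCP interpretations rather than EDR-specific diagnostics.

```powershell
# Added example (not vendor code). Run on a SEP client that has a queued dump.
function Test-EdrPort {
    param(
        [Parameter(Mandatory)][string]$Appliance,   # SEDR appliance hostname or IP
        [int]$Port = 80,                            # port named in this article
        [int]$TimeoutMs = 5000
    )
    $client = New-Object System.Net.Sockets.TcpClient
    $state  = 'Unknown'
    try {
        $task = $client.ConnectAsync($Appliance, $Port)
        if (-not $task.Wait($TimeoutMs)) {
            $state = 'TimedOut'        # neither an accept nor a reset within the timeout
        } elseif ($client.Connected) {
            $state = 'Open'
        }
    } catch {
        # Wait() wraps the socket error; unwrap to the innermost exception.
        $inner = $_.Exception.GetBaseException()
        if ($inner -is [System.Net.Sockets.SocketException]) {
            switch ($inner.SocketErrorCode) {
                'ConnectionRefused' { $state = 'Refused' }
                'HostNotFound'      { $state = 'NameNotResolved' }
                'TimedOut'          { $state = 'TimedOut' }
                default             { $state = "SocketError:$($inner.SocketErrorCode)" }
            }
        } else {
            $state = "Error:$($inner.Message)"
        }
    } finally {
        $client.Close()
    }
    $hint = switch ($state) {
        'Open'            { 'TCP connection established; the port is reachable from this client.' }
        'TimedOut'        { 'No reply; typical of a firewall silently dropping the traffic.' }
        'Refused'         { 'Connection reset; nothing accepted it on this port, or a device rejected it.' }
        'NameNotResolved' { 'The appliance name did not resolve; check DNS or use the IP address.' }
        default           { 'See State for the underlying error.' }
    }
    [pscustomobject]@{ Appliance = $Appliance; Port = $Port; State = $state; Hint = $hint }
}

# Placeholder address; replace with your appliance.
Test-EdrPort -Appliance 'edr-appliance.example.com'
```

A `State` of `TimedOut` or `Refused` from an affected client is the evidence to attach to the firewall change request.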

Additional Information

This section provides additional documentation to support a change request, if one is required within your environment.

Supporting EDR Documentation:

The documentation on Required firewall ports for EDR indicates that port 80 is required for EDR 4.x and newer so that commands can be communicated to the endpoints.

From the EDR documentation on Required firewall ports:

Depending on your network layout, you may need to open some ports on your firewall and edit your firewall rules. These changes let you access the important web addresses that are essential for Symantec Endpoint Detection and Response operations.

Port 80 is one of the required ports.