Full dumps, Process Dumps, Endpoint Searches, and other ECC 2.0 commands do not progress to completion

Article ID: 211289


Products

Endpoint Detection and Response

Issue/Introduction

You request a full dump, a process dump, or multiple dumps in the SEDR web user interface. The dump or Endpoint SHA2 search does not complete, and no failure is shown.

Cause

The command is queued if the clients are unable to reach EDR on port 80. If the dump is queued and the port is not open, the process never completes.

Resolution

The SEP client needs to connect to port 80 of the SEDR appliance.  This allows EDR to receive the necessary communication to process the request for a full dump, a process dump, or any other ECC 2.0 command.

Please ensure port 80 is open in your network environment.
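To confirm the path from an endpoint before raising a change request, the following added example (not Symantec's own tooling) tests TCP reachability to the appliance on port 80 and separates a silent drop from a refusal. The hostname `sedr.example.internal` and the function name are placeholders assumed for illustration.

```python
import socket
import sys

EDR_COMMAND_PORT = 80  # port the SEP client must reach on the SEDR appliance

# What each result usually means for the change request (general TCP behaviour).
HINTS = {
    "open": "TCP connection succeeded; the network path on this port is open.",
    "refused": "Host answered but nothing accepted the connection on this port.",
    "filtered": "No answer before the timeout; a firewall is likely dropping traffic.",
    "unreachable": "No route to the host or network from this endpoint.",
    "dns_failure": "The appliance name did not resolve on this endpoint.",
}

def check_edr_port(host, port=EDR_COMMAND_PORT, timeout=3.0):
    """Classify TCP reachability from this endpoint to the appliance."""
    try:
        addrs = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror:
        return "dns_failure"
    result = "filtered"
    for family, socktype, proto, _, sockaddr in addrs:
        s = socket.socket(family, socktype, proto)
        s.settimeout(timeout)
        try:
            s.connect(sockaddr)
            return "open"          # any address that connects is enough
        except socket.timeout:
            result = "filtered"    # SYN went unanswered
        except ConnectionRefusedError:
            result = "refused"     # RST came back from the host
        except OSError:
            result = "unreachable" # e.g. no route to host
        finally:
            s.close()
    return result

if __name__ == "__main__":
    # Placeholder hostname; pass your appliance's name or IP as the argument.
    target = sys.argv[1] if len(sys.argv) > 1 else "sedr.example.internal"
    status = check_edr_port(target)
    print(f"{target}:{EDR_COMMAND_PORT} -> {status}: {HINTS[status]}")
    sys.exit(0 if status == "open" else 1)
```

Run it on an affected endpoint, not from the appliance or an admin workstation, since the rule that matters is the one between the SEP client's network and the appliance.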

Additional Information

This section provides additional documentation to support a change request, if one is required in your environment.

Supporting EDR Documentation:

The documentation on Required firewall ports for EDR indicates that port 80 is required for EDR 4.x and newer so that commands can be communicated to the endpoints.

From the EDR documentation on Required firewall ports:

Depending on your network layout, you may need to open some ports on your firewall and edit your firewall rules. These changes let you access the important web addresses that are essential for Symantec Endpoint Detection and Response operations.

Port 80 is one of the required ports.