ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Domains in the EDR blacklist are not blocked by SEP


Article ID: 212129


Updated On:


Endpoint Detection and Response Endpoint Protection with Endpoint Detection and Response Advanced Threat Protection Platform


When adding a domain to the Deny list in the UI of Endpoint Detection and Response (EDR) appliance, SEP clients do not block connections to the URL with their software firewall feature.



This is not a feature of EDR appliance. Domain names entered in the Deny list are effective for the network scanning component. These entries are not passed to SEP clients in the form of a firewall policy.


Release :

Component :


Behavior by design.


Additional Information


Title: EDR 4.6 Help - How Symantec EDR applies deny list policies based on your operating mode