when adding a file hash to EDR Deny list, the SEPM does not show that this file\domain\fingerprint has been blocked
SEPM and Symantec EDR
Symantec is investigating at this time
If you encounter these symptoms, open a support case and attach the following pieces of evidence...
- a screenshot showing the Deny list entry in EDR (Policies> Deny)
- a screenshot showing the file fingerprint list within SEPM
- a diagnostic from the EDR appliance (see below)
- At the UI of the ATP Platform or SEDR appliance console, a screenshot of Settings> Appliances. Hover the mouse pointer over the status (Critical |Needs Attention|Healthy) at the top, to show any messages for the overall status.
- For each individual appliance on the Appliances list, click on the IP address to open the property sheet. Hover the mouse pointer over the circle around the appliance graphic on the left to display the health messages for the individual appliances.
- Because this issue may be specific to enrollment, a screenshot of the list of SEPM Controller Connections on Settings> Global
- For each SEPM Controller Connection, a screenshot showing the Enrollment Statistics by clicking in the ellipses (...) on the right side, then clicking Enrollment Statistics to display the Enrollment Statistics.
- At the CLI of the ATP Platform or SEDR appliance console, type: show -v
- Type: update status
- Type: df -h
- Type: show -i
- Type: status_check
To generate a diagnostic on the EDR appliance
Title: HOWTO130439 - Generating SEDR diagnostics without internet connectivity