Bulk delete of policies in Symantec Endpoint Detection & Response (SEDR)

Article ID: 222715

Products

Endpoint Detection and Response

Issue/Introduction

Over time, you may have created many Allow (whitelist) or Deny (blacklist) policies for your Symantec Endpoint Detection & Response appliance. There may come a time when you need to remove multiple policies at once, or 'Bulk delete'.

Environment

Release: 4.6.8, 4.7.x, 4.8, 4.9.x, 4.10

Cause

  • SEDR has no option in the WebGUI to select multiple policies for 'bulk deletion'. (See version applicable below)
  • The Command Line Interface does not have any methods to manage these types of policies; see 'Using the Symantec SEDR command-line interface'.
  • Restoring a configuration with any export/import controls from the WebGUI only restores policies in an additive manner; it does not delete policies already present.
  • A full restore may not be an option.

Resolution

Broadcom has exposed a set of Application Programming Interfaces (APIs) for 'on premise' SEDR. You can find the API documentation here: https://apidocs.securitycloud.symantec.com/

Among the methods available are the following API commands:

  • Create Allow List Policies
  • Create BlackList Policies
  • Delete BlackList Policy
  • Update Policy Comment
  • Create Deny List Policies
  • Delete Deny List Policy
  • Update Deny Policy Comment


These methods are currently the only ways to bulk delete 'Allow' or 'Deny' policies in the SEDR Appliance.
Broadcom APIs are not part of product standard support (see the Broadcom® Software Broadcom Maintenance Policy Handbook) and are for customers wishing to develop their own interfaces to our products.

Additional Information

For information on importing policies, see the SEDR Help documentation page titled 'Importing Policies.' If you experience problems importing policies, see the article 'Troubleshooting error message: "Aborted importing policies. Error occured while serializing JSON object ..." while importing SEDR Deny and Allow Lists'.