Can I use the EDR policy for a hybrid-managed SEPM in Symantec Endpoint Security's cloud console?


Article ID: 224597


Products

Endpoint Security Complete, Endpoint Protection, Endpoint Detection and Response

Issue/Introduction

You have successfully integrated the SEPM in the SES console and the SEPM is configured in a hybrid-managed mode.

Cause

A Symantec Endpoint Protection Manager has been integrated with the SESC cloud console in hybrid-managed mode. The following conditions are also present.

  • The hybrid-managed SEPM and all of its groups are listed and viewable in the cloud console under Devices > Device Groups > Group Hierarchy.
  • Under Policies, you are able to apply the Detection and Response policy (either the default or a customized copy) to the Device Groups for the hybrid-managed SEPM.
  • Under Devices > Managed Devices, the Devices Filter list shows that no endpoints in the SEPM groups have Detection and Response enabled. The devices are shown only as disabled.


Environment

For a successful hybrid deployment, SEPM and the agents must be version 14.1 or later.

Resolution

When choosing between an on-premise, a fully cloud-managed, and a hybrid-managed configuration, please note the following:

  • The Symantec Endpoint Protection Manager controls more options on the client.
  • The cloud-managed client provides fewer options. However, Symantec adds new features in Symantec Endpoint Security in monthly refreshes.
  • Hybrid-managed SEPMs DO NOT have the ability to use the Detection and Response policy in their groups.
    • If the application of the Detection and Response policy is required in your SEPM's environment:
      • An on-premise EDR appliance must be integrated with the SEPM.
      • The SEPM-managed endpoints must be migrated to the SES cloud console so they are fully cloud-managed agents.