All versions of EDR.
The determination was made by the product team that since ECC, endpoint activity recorder, and search data are not forwarded to syslog that the encryption offered by secure syslog would not be necessary.
Secure syslog traffic is not a supported function of the current EDR product as of the date this article was published.
For more information on syslog server connections in EDR please navigate to the Symantec EDR help page for your version of EDR (4.x) and look for the section titled About syslog server connections. This section explains what information is forwarded and how it is formatted.