SEP client is stuck in "Authentication Pending" status.

Article ID: 233194

Products

Endpoint Detection and Response

Issue/Introduction

The SEP client is stuck in "Authentication Pending" status. The contents of "SEP clients stuck in "Authentication Pending" in the Enrollment Statistics during ECC client registration" were checked, but the issue was not resolved.

Environment

Closed network environment

Cause

There is no EDR definition in C:\ProgramData\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\Definitions\EDRDefs.

cve.log:

[2022-Jan-26 13:33:36.507695] [DEBUG] Get AtpInfo from SEPM successfully. [thread:240c]
[2022-Jan-26 13:33:36.529695] [INFO ] SEP::SmcAtpProvider::DecryptEdrPassword: Decrypt EDR password successfully! [thread:240c]
[2022-Jan-26 13:33:36.529695] [DEBUG] SEP::SmcAtpProvider::ProcessAtpInfo: ATP DeviceID is: ff67cf75-bc4c-42d7-ae1b-67bf5a3135a2 [thread:240c]
[2022-Jan-26 13:33:36.530702] [DEBUG] SEP::SmcAtpProvider::ProcessAtpInfo: ATP Encrypted Password is: 2sgvf0Dcvah+oxDdMY6JRP4UinxUJpz2w6p9w6Yxa1yroNZyGuq8ejUFa6+0Kv9XY+DHS3KSPS2DMC1bI6RqawSGs7yxX9qWOZqmyYxmwwTGhoAcN82kQNdlz9pbSD/3xkionIxbqqxCbxUiAjq06s0ZNKU2C4irlx7Bm8favGsYUCxolDH4ww4MV6MaPMpoIxhQycfEKwc0UIeham6+w6iO9AedUmBxcbJuGXLwN4BAepNIBm11UnQOL9YA+UyTdjRSoTUkuIjUykw9WcH/KAsie3h7lffcBxHzcJzljE5frYsQLD/w1PIDuZ4U47UvA1yOIgyHOixdKRzZGsj4Lw== [thread:240c]
[2022-Jan-26 13:33:36.530702] [ERROR] SEP::SmcAtpProvider::TriggerEdrEnroll: Failed to create EdrEnroll interface: sr = 80010300] [thread:240c]

WPP log:

[01/26/2022-13:33:36.528] SepManagementClient : 1eb4 : 240c : TRACE_DEBUG : TRACE_LEVEL_INFORMATION : EdrCryptoHelper::Decrypt : EdrCryptoHelper_cpp405 :Decrypt successfully!
[01/26/2022-13:33:36.528] SepManagementClient : 1eb4 : 240c : TRACE_DEBUG : TRACE_LEVEL_INFORMATION : DecryptEDRPassword : EdrCryptoHelper_cpp516 :Decrypt Edr Password successfully!

[01/26/2022-13:33:36.529] ccLibDynamic : 1eb4 : 240c : TRACE_DEBUG : TRACE_LEVEL_VERBOSE : ccLib::CRegistry::Open : ccRegistry_cpp289 :RegOpenKeyEx() == ERROR_FILE_NOT_FOUND, edrdefsdir, REGSAM:0x20019
[01/26/2022-13:33:36.529] ccLibDynamic : 1eb4 : 240c : TRACE_DEBUG : TRACE_LEVEL_ERROR : ccLib::expandPath : ccPathExpansion_cpp612 :Failed to retrieve token value,  original input: %EDRDefsDir% returned.
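
The log signature above can be checked across collected client logs with a short script. This is an added example, not Symantec tooling or code from this article: it assumes the third WPP field is the same thread id as the cve.log [thread:...] tag (both read 240c in the excerpts), and its function names and verdict strings are invented for the illustration.

```python
import re
from pathlib import Path

# cve.log layout as shown in the article: [timestamp] [LEVEL] message [thread:id]
CVE_LINE = re.compile(r"^\[[^\]]+\] \[(\w+)\s*\] (.*?)\s*\[thread:(\w+)\]$")
ENROLL_FAIL = re.compile(r"TriggerEdrEnroll: Failed to create EdrEnroll interface: sr = (\w+)")
# WPP message fragments that show the EDRDefsDir lookup failing
DEFS_MARKERS = ("%EDRDefsDir%", "ERROR_FILE_NOT_FOUND, edrdefsdir")

# Sample lines copied from the article's log excerpts.
SAMPLE_CVE = [
    "[2022-Jan-26 13:33:36.529695] [INFO ] SEP::SmcAtpProvider::DecryptEdrPassword: Decrypt EDR password successfully! [thread:240c]",
    "[2022-Jan-26 13:33:36.530702] [ERROR] SEP::SmcAtpProvider::TriggerEdrEnroll: Failed to create EdrEnroll interface: sr = 80010300] [thread:240c]",
]
SAMPLE_WPP = [
    "[01/26/2022-13:33:36.529] ccLibDynamic : 1eb4 : 240c : TRACE_DEBUG : TRACE_LEVEL_ERROR : ccLib::expandPath : ccPathExpansion_cpp612 :Failed to retrieve token value,  original input: %EDRDefsDir% returned.",
]

def enroll_failures(cve_lines):
    """Yield (thread, sr_code, decrypt_ok) for each failed EDR enrollment."""
    decrypted = set()  # threads that logged a successful EDR password decrypt
    for line in cve_lines:
        m = CVE_LINE.match(line.strip())
        if not m:
            continue
        level, msg, tid = m.groups()
        if "Decrypt EDR password successfully" in msg:
            decrypted.add(tid)
        hit = ENROLL_FAIL.search(msg)
        if level == "ERROR" and hit:
            yield tid, hit.group(1), tid in decrypted

def threads_missing_defs_token(wpp_lines):
    """Thread ids whose WPP trace shows the EDRDefsDir lookup failing."""
    # Fields split on " : ": header, pid, tid, flag, level, function, file+message
    rows = (line.strip().split(" : ", 6) for line in wpp_lines)
    return {r[2] for r in rows if len(r) == 7 and any(k in r[6] for k in DEFS_MARKERS)}

def diagnose(cve_lines, wpp_lines, defs_dir):
    """Label each failed enrollment; defs_dir is the client's EDRDefs folder."""
    folder = Path(defs_dir)
    have_defs = folder.is_dir() and any(folder.iterdir())
    no_token = threads_missing_defs_token(wpp_lines)
    return [{"thread": tid, "sr": sr, "decrypt_ok": ok, "verdict": "missing_edr_definitions"
             if tid in no_token and not have_defs else "other_cause"}
            for tid, sr, ok in enroll_failures(cve_lines)]

if __name__ == "__main__":
    print(diagnose(SAMPLE_CVE, SAMPLE_WPP, "no-such-EDRDefs-folder"))  # constructed path
```

On a client, pass the EDRDefs path from the Cause section as defs_dir. A decrypt_ok value of True with the missing_edr_definitions verdict points at definitions rather than credentials.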

Resolution

Configure the network so that the EDR/SEPM/SEP client can access the required Symantec servers, then run LiveUpdate to download the latest EDR definition.