Duplicate endpoint hostnames appear on the Endpoint Detection and Response (EDR) console.
EDR 4.x
One cause found for this issue is MDR index saturation.
A fix for this issue is planned for a future release of EDR.
A hotfix patch is available in EDR 4.6.7-45 to avoid this kind of issue when it is caused by MDR index saturation. It will also help fix any future occurrence of the issue.
Follow the steps below to install it:
1. Check whether "atp-patch2-4.6.7-1" is available with this command:
localhost> patch list
Loaded plugins: fastestmirror, sgstd_checkdisk, sgstd_datamigration,
              : sgstd_servicesdown
Cleaning repos: patch-rpm-generic patch-rpm-release sgs-td
Cleaning up everything
Cleaning up list of fastest mirrors
Available Patches
atp-patch-4.6.7-1
atp-patch-generic-4.2.1-9901
atp-patch2-4.6.7-1
Function: main returned success
localhost> patch list -v atp-patch2-4.6.7-1
2. Install it with the command below:
localhost> patch install atp-patch2-4.6.7-1
Note: During patch installation, a script runs to purge invalid/orphaned MDR index entries. This may take a while.
Be prepared to keep the TCP session alive (for example, by using the screen command to connect over SSH via the SEDR deployment system console).
The patch RPM shows the following warning text about this:
purge and defragment MDR index records. this may take for a while ...
This article will be updated with the latest information as it becomes available.