How to query SEPM SQL Server Express database in version 14.3 RU1 and newer?

14.3 RU1 or newer

In version 14.3 RU1 the embedded database was updated to the Microsoft SQL Express database. The SQL Server Express database stores policies and security events more efficiently than the default embedded database and is installed automatically with the Symantec Endpoint Protection Manager.

More information: What's new for Symantec Endpoint Protection 14.3 RU1?

1.Download and install SQL Server Management Studio on SEPM machine.

Microsoft website: https://docs.microsoft.com/en-us/sql/ssms/download-sql-server-management-studio-ssms?view=sql-server-ver15

2.Machine’s restart will be required to finish installation

3.After installation in Windows Menu Start choose Microsoft SQL Server Tools > Microsoft SQL Srever Management Studio

4.After start you will be prompted to connect to the server.

Server type: Database Engine

Server Name: [Your SEPM Machine name]\SQLEXPRESSSYMC

Authentication: SQL Server Authentication

Username: dba 

Password: [Same as SEPM admin’s password]

5.Test if you can querry you db by choosing File>New>Query with current Connection

Place a querry and click ‘Execute’

Sample query: select * from SEM_COMPUTER will return

If you use SEP older than Version 14.3 RU1 please check the following article: How to query the SEPM embedded database

If you would like to learn more about SEP versions please check the following article: Versions, system requirements, release dates, notes, and fixes for Symantec Endpoint Protection and Endpoint Security