How to query SEPM SQL Server Express database in version 14.3 RU1 and newer?

14.3 RU1 or newer

In version 14.3 RU1 the embedded database was updated to the Microsoft SQL Express database. The SQL Server Express database stores policies and security events more efficiently than the default embedded database and is installed automatically with the Symantec Endpoint Protection Manager.

More information: What's new for Symantec Endpoint Protection 14.3 RU1?

1.Download and install SQL Server Management Studio on SEPM machine.

Microsoft website: https://docs.microsoft.com/en-us/sql/ssms/download-sql-server-management-studio-ssms?view=sql-server-ver15

2.Machine’s restart will be required to finish installation

3.After installation in Windows Menu Start choose Microsoft SQL Server Tools > Microsoft SQL Server Management Studio

4.After start you will be prompted to connect to the server.

Server type: Database Engine

Server Name: [Your SEPM Machine name]\SQLEXPRESSSYMC

Authentication: SQL Server Authentication

Username: dba 

Password: [Same as SEPM admin’s password]  *

5.Test if you can querry you db by choosing File>New>Query with current Connection

Place a querry and click ‘Execute’

Sample query: select * from SEM_COMPUTER will return list of the computers in SEM_COMPUTER table

*If you can't login and "The target principal name is incorrect" you might need to go to "Options" and in connection properties enable "Trust Server Certificate" option

If you use SEP older than Version 14.3 RU1 please check the following article: How to query the SEPM embedded database

If you would like to learn more about SEP versions please check the following article: Versions, system requirements, release dates, notes, and fixes for Symantec Endpoint Protection and Endpoint Security