search cancel

How to query Symantec Endpoint Protection Embedded database in version 14.3 RU1 and newer?

book

Article ID: 240358

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

How to query SEPM SQL Server Express database in version 14.3 RU1 and newer?

Cause

In version 14.3 RU1 the embedded database was updated to the Microsoft SQL Express database. The SQL Server Express database stores policies and security events more efficiently than the default embedded database and is installed automatically with the Symantec Endpoint Protection Manager.

More information: What's new for Symantec Endpoint Protection 14.3 RU1?

Environment

14.3 RU1 or newer

Resolution

1.Download and install SQL Server Management Studio on SEPM machine.

Microsoft website: https://docs.microsoft.com/en-us/sql/ssms/download-sql-server-management-studio-ssms?view=sql-server-ver15

2.Machine’s restart will be required to finish installation

3.After installation in Windows Menu Start choose Microsoft SQL Server Tools > Microsoft SQL Srever Management Studio

4.After start you will be prompted to connect to the server.

Server type: Database Engine

Server Name: [Your SEPM Machine name]\SQLEXPRESSSYMC

Authentication: SQL Server Authentication

Username: dba 

Password: [Same as SEPM admin’s password]

5.Test if you can querry you db by choosing File>New>Query with current Connection

Place a querry and click ‘Execute’

 

Sample query: select * from SEM_COMPUTER will return

Additional Information

If you use SEP older than Version 14.3 RU1 please check the following article: How to query the SEPM embedded database

If you would like to learn more about SEP versions please check the following article: Versions, system requirements, release dates, notes, and fixes for Symantec Endpoint Protection and Endpoint Security