search cancel

SEP client is not isolated by "Isolate" command from SEDR

book

Article ID: 242027

calendar_today

Updated On:

Products

Endpoint Detection and Response Endpoint Protection

Issue/Introduction

Symantec Endpoint Protection (SEP) client is not isolated after doing "isolate" command to it on Symantec Endpoint Detection and Response (SEDR) console. On Symantec Endpoint Protection Manager (SEPM) console - [Monitors] - [Command Status], "Place client(s) in Quarantine" command status shows "Completed", but client does not move to "Quarantine" location.

Environment

  • EDR 4.6.8
  • SEP 14.0 MP2 client

Cause

[Never do Host Integrity checking] is selected in Host Integrity policy - [Requirements] section.

Resolution

Choose [Always do Host Integrity checking" in Host Integrity policy - [Requirements] section or upgrade SEP client to 14.0 RU1 and later if you do not want to run HI check on client anyway.

Attachments