Some SEPM groups disappear from the SEPM Group Inclusions on the Symantec Endpoint Detection and Response (SEDR) appliance.
SEDR 4.6.8 or older
SEPM 14.3 RU4 or 14.3 RU3
SEPM responds with an incomplete list of groups when a dead-lock internally occurs in the SEPM DB. SEDR does not detect the response as incomplete and removes any group not listed in the response.
The SEPM half of this issue is resolved in SEPM 14.3 RU5. Please update to SEPM 14.3 RU5 at your earliest convenience to receive this fix.
Broadcom Engineering has resolved the EDR half of this issue in EDR version 4.7.0. Please update to EDR 4.7.0 at your earliest convenience to receive this fix.