search cancel

Logs for offline detection or quarantine of files are not sent to the SEPM

book

Article ID: 256409

calendar_today

Updated On:

Products

Endpoint Security Complete

Issue/Introduction

Risks are detected while a Symantec Endpoint Protection (SEP) client is disconnected from the Symantec Endpoint Protection Manager (SEPM). Upon reconnecting the client to the SEPM, the logs for detection or quarantine are not sent to the SEPM

Environment

Hybrid SEPM / cloud management

Cause

Logs are only sent once and marked as uploaded, whether that is to the SEPM or to the cloud. 

Resolution

When hybrid-managed clients are disconnected from the SEPM, the events are uploaded to the ICDm (cloud console). Those events are not synched back to the SEPM, by design.