Symantec Endpoint Security (SES) clients do not show a green dot. When checking the cloud connection status in Help -> Troubleshooting, the status shows 'Not Connected'.

There is confusion whether the client is working properly. 

Symantec Endpoint Security (SES) clients on Windows. 

There are two connections that have to both be continuously successful for the client to show online status / green dot:

• CDM data channel, shown as "Cloud Connected / Attempted". These are the calls to the CDM APIs, a connection is made for only as long as needed to upload / download all the actual cloud management data (opstate, policies, commands, everything)
• SPOC data channel, shown as "SPOC Connected / Attempted". This is a mostly-idle connection held open to cloud for a long period of time, to receive cloud-side notification of events like a policy update, group move, or command assignment.

If the proxy is closing (FIN) the SPOC connection, SPOC interprets this remote-close as a connection error and goes into a retry mode, thus switching to "SPOC Attempted" and removing the green dot. The next SPOC reconnection is made 3 minutes later, but this timing will vary. Until that reconnection happens, the client will display offline, and on reconnect, go online for probably another >= 4 minutes until the next proxy disconnection happens. The client will not receive cloud-side pushes of policy updates / etc until the SPOC reconnection.

SPOC would cycle the connection on its own at shortly after 4 minutes of idle, so the recommendation is to increase the proxy's idle timeout to >= 245 seconds. The increased idle timeout will help keep the green dot. The window can be somewhere between 245 seconds to 300 seconds.