You receive an error on the Symantec Endpoint Detection and Response (SEDR) appliance that states that the Splunk Server Certificate has expired, however no Splunk server is currently configured.

A SEDR appliance where the Splunk Integration was previously configured but has since been removed.

The certificate metadata remained after removal of the Splunk Implementation settings.

In SEDR 4.8 functionality was added that allows for the proper removal of the Splunk Integration settings.  It is recommended that customers upgrade to SEDR 4.8 or newer in order to receive this fix.