After upgrading to Symantec Endpoint Detection and Response (SEDR) 4.8.0, some Incident Rules that you previously disabled are triggering incidents. A review of the Incident Rules confirms that the rule is disabled.
Release: 4.8.0
After updating the AAT definitions, the EDR was not re-applying the custom Incident Rule states.
Broadcom engineering has created patch atp-patch1-4.8.0-1, which resolves this issue. To install the patch, perform the following steps:
patch list
patch download atp-patch1-4.8.0-1
patch install atp-patch1-4.8.0-1
patch list_installed