This KB article contains information about issues that occurred after the release of Symantec Endpoint Detection and Response (SEDR) 4.9.
Click the following link to view the 4.9 Release Notes:
Symantec EDR appliance
Issues that occurred after the Symantec EDR 4.9 release are as follows:
Triggering events no longer appear highlighted in red
On the Incident Details page > Events tab, triggering event descriptions are not prepended with the red text "TRIGGERING EVENT".
This issue is resolved in atp-patch5-4.9.1-1. Use the patch CLI command to install this version.
EDR 4.9.x and earlier is incompatible with SEP 14.3 RU9
SEP 14.3 RU9 is incompatible with Symantec EDR 4.9 and earlier. This incompatibility is due to the URL consolidation introduced in SEP 14.3 RU9.
This issue is fixed in Symantec EDR 4.10. If you want to upgrade to SEP 14.3 RU9 before you upgrade to EDR 4.10, Symantec EDR engineering has created a hotfix to address the incompatibility issue.
You can do one of the following to resolve this issue:
If you want to wait to install Symantec EDR 4.10 before you install SEP 14.3 RU9:
1. Install Symantec EDR 4.10.
2. Install SEP 14.3 RU9.

If you are running Symantec EDR 4.9 and want to upgrade to SEP 14.3 RU9:
1. Use the patch CLI command to install Symantec EDR hotfix 2.
2. Upgrade to SEP 14.3 RU9.

If you are running Symantec EDR 4.9.1 and want to upgrade to SEP 14.3 RU9:
1. Use the patch CLI command to install Symantec EDR hotfix 4.
2. Upgrade to SEP 14.3 RU9.

If you are running Symantec EDR 4.8 or earlier and want to upgrade to SEP 14.3 RU9:
1. Upgrade to Symantec EDR 4.9.1.
2. Use the patch CLI command to install Symantec EDR hotfix 4.
3. Upgrade to SEP 14.3 RU9.
For more information see:
Decreased 4102 and 4098 events on EDR after upgrading to SEP 14.3 RU9
The EDR engineering team resolved an issue where the default firewall rules were not loaded after installing or upgrading to version 4.9.