Late-breaking issues for Symantec EDR 4.9

Article ID: 278073

Updated On:

Products

Endpoint Detection and Response

Issue/Introduction

This KB article contains information about issues that occurred after the release of Symantec EDR 4.9.

Click the following link to view the 4.9 Release Notes: 

https://techdocs.broadcom.com/content/dam/broadcom/techdocs/us/en/dita/symantec-security-software/endpoint-security-and-management/endpoint-detection-and-response/generated-pdfs/sedr_release_notes_49.pdf

Environment

Symantec EDR appliance

Resolution

Issues that occurred after the Symantec EDR 4.9 release are as follows:

 

Triggering events no longer appear highlighted in red

On the Incident Details page > Events tab, triggering event descriptions are not prepended with the red text "TRIGGERING EVENT".

This issue is resolved in atp-patch5-4.9.1-1. Use the patch CLI command to install this version.

 

EDR 4.9.x and earlier is incompatible with SEP 14.3 RU9

SEP 14.3 RU9 is incompatible with Symantec EDR 4.9 and earlier. This incompatibility is due to the URL consolidation introduced in SEP 14.3 RU9.

This issue will be fixed in Symantec EDR 4.10, which is scheduled to release in late June 2024. If you want to upgrade to SEP 14.3 RU9 before you upgrade to EDR 4.10, Symantec EDR engineering has created a hotfix to address the incompatibility.

You can do either of the following to resolve this issue:

If you want to wait for Symantec EDR 4.10 before you install SEP 14.3 RU9:

1. Install Symantec EDR 4.10.

2. Install SEP 14.3 RU9.

If you are running Symantec EDR 4.9 and want to upgrade to SEP 14.3 RU9:

1. Use the patch CLI command to install Symantec EDR hotfix 2.

2. Upgrade to SEP 14.3 RU9.

If you are running Symantec EDR 4.9.1 and want to upgrade to SEP 14.3 RU9:

1. Use the patch CLI command to install Symantec EDR hotfix 4.

2. Upgrade to SEP 14.3 RU9.

If you are running Symantec EDR 4.8 or earlier and want to upgrade to SEP 14.3 RU9:

1. Upgrade to Symantec EDR 4.9.1.

2. Use the patch CLI command to install Symantec EDR hotfix 4.

3. Upgrade to SEP 14.3 RU9.

For more information see:

SEPM Release Notes

patch command

Decreased 4102 and 4098 events on EDR after upgrading to SEP 14.3 RU9

 

EDR 4.9.1 - Upgrading to EDR 4.9.1 resolves a security risk

The EDR engineering team resolved an issue where the default firewall rules were not loaded after installing or upgrading to version 4.9.