Decreased 4102 and 4098 events after on EDR after upgrading to SEP 14.3 RU9
search cancel

Decreased 4102 and 4098 events after on EDR after upgrading to SEP 14.3 RU9

book

Article ID: 367246

calendar_today

Updated On:

Products

Endpoint Detection and Response Endpoint Protection

Issue/Introduction

After upgrading to Symantec Endpoint Protection (SEP) 14.3 RU9 you notice a reduction in the number 4102 and 4098 events on the Symantec Endpoint Detection and Response (SEDR) 4.9.x appliance.

Environment

SEP 14.3 RU9

SEDR 4.9.x

Cause

SEP 14.3 RU9 uses a consolidated list of URLs to communicate with the Broadcom servers, however SEDR 4.9.x and older do not support the consolidated list.

Resolution

This issue is resolved in SEDR 4.10.  If update to SEDR 4.10 is not possible, then the workaround below may be utilized.

Workarounds:

SEDR 4.9.1:

  1. Log in to the admin CLI
  2. Verify the patch is available by running the following command:
    patch list -v atp-patch4-4.9.0-1
  3. Download the patch using the following command:
    patch download atp-patch4-4.9.0-1
  4. Install the patch by running the following command:
    patch install atp-patch4-4.9.0-1

SEDR 4.9.0:

NOTE: I you upgrade from SEDR 4.9.0 to SEDR 4.9.1 after performing the steps below, then you will need to re-apply the patch using the SEDR 4.9.1 steps.

  1. Log in to the admin CLI
  2. Verify the patch is available by running the following command:
    patch list -v atp-patch2-4.9.0-1
  3. Download the patch using the following command:
    patch download atp-patch2-4.9.0-1
  4. Install the patch by running the following command:
    patch install atp-patch2-4.9.0-1

SEDR 4.8 and older:

  • Upgrade to SEDR 9.1 and follow the workaround steps listed above.