Decreased 4102 and 4098 events on EDR after upgrading to SEP 14.3 RU9

Article ID: 367246

Products

Endpoint Detection and Response, Endpoint Protection

Issue/Introduction

After upgrading to Symantec Endpoint Protection (SEP) 14.3 RU9 you notice a reduction in the number of 4102 and 4098 events on the Symantec Endpoint Detection and Response (SEDR) appliance.

Environment

SEP 14.3 RU9

SEDR 4.9.x and earlier

Cause

SEP 14.3 RU9 uses a consolidated list of URLs to communicate with the Broadcom servers; however, SEDR 4.9.x and older do not support the consolidated list.

Resolution

This issue is resolved in SEDR 4.10. If upgrading to SEDR 4.10 is not possible, use the workaround below that matches your SEDR version.

Workarounds:

SEDR 4.9.1:

  1. Log in to the admin CLI
  2. Verify the patch is available by running the following command:
    patch list -v atp-patch4-4.9.1-1
  3. Download the patch using the following command:
    patch download atp-patch4-4.9.1-1
  4. Install the patch by running the following command:
    patch install atp-patch4-4.9.1-1

SEDR 4.9.0:

NOTE: If you upgrade from SEDR 4.9.0 to SEDR 4.9.1 after performing the steps below, then you will need to re-apply the patch using the SEDR 4.9.1 steps.

  1. Log in to the admin CLI
  2. Verify the patch is available by running the following command:
    patch list -v atp-patch2-4.9.0-1
  3. Download the patch using the following command:
    patch download atp-patch2-4.9.0-1
  4. Install the patch by running the following command:
    patch install atp-patch2-4.9.0-1

SEDR 4.8 and older:

  • Upgrade to SEDR 4.9.1 and follow the workaround steps listed above.