SEPM 14.3 RU2
EDR 4.6.0-666

Possible parsing error when retrieving saved "Group Inclusions".

This issue is fixed in Symantec Endpoint Protection 14.3 RU3.  For information on how to obtain the latest build of Symantec Endpoint Protection, see Download the latest version of Symantec Endpoint Protection.

If updating is not possible then please use the steps below as a temporary workaround.

• On the SEPM extract the contents of "14_3_ru2_4618_rest-api.zip" below.
• Navigate to the "...\Symantec Endpoint Protection Manager\tomcat\instances\sepm-api\webapps\sepm\WEB-INF\lib"
• Replace the file "sepm-rest-api-1.0.0.jar" with the extracted contents (See note)
• Restart the SEPM API service.
  • Run the SERVICES.MSC from the start menu.
  • Locate the service "Symantec Endpoint Protection Manager API Servers".
  • Restart the service by right clicking on the service and selecting "Restart"
• From the EDR console
  • Remove the previous connection
  • Add the SEPM server connection

Note:  It is recommended to replace the file.  Avoid renaming the file in the same directory since the server loads all the .jar files in "...\WEB-INF\lib" folder, which may not even fix the issue.

Please note that if you have multiple connected SEPM instances at a site (that is, the SEPM instances share a database), create a connection to only one SEPM per site in the EDR appliance console. If multiple SEPMs from the same site attempt to connect to the same Symantec EDR management platform, they compete for authentication credentials and might not operate properly. 

See the section About configuring the connection to SEPM in the EDR documentation https://techdocs.broadcom.com/us/en/symantec-security-software/endpoint-security-and-management/endpoint-detection-and-response/4-6.html where it states this. 

This same error could be seen if a second SEPM is configured that shares a database with a SEPM that is already configured in EDR.