Symantec Endpoint Detection & Response (EDR) Notes - NETSEC


Cybersecurity Memo

Wednesday, November 20, 2019

Symantec Endpoint Detection & Response (EDR) Notes

Symantec EDR (Endpoint Detection & Response, previously ATP, Advanced Threat Protection) exposes advanced attacks with precision machine learning and global threat intelligence, minimizing false positives and helping ensure high levels of productivity for security teams. Symantec EDR capabilities allow incident responders to quickly search, identify and contain all impacted endpoints while investigating threats using a choice of on-premises and cloud-based sandboxing. Symantec EDR also enhances investigator productivity with automated investigation playbooks and user behavior analytics that bring the skills and best practices of the most experienced security analysts to any organization, resulting in significantly lower costs.

Symantec EDR Software Update

To update the Symantec EDR software in the EDR appliance console:
  1. In the EDR appliance console, click Settings > Appliances.
  2. Click the Update Software option for the device that you want to update.
    The management platform must be updated first. Once it is updated, you can initiate updates for each of the network scanners from the EDR appliance console.
    An update can take some time. The appliance automatically restarts when an update is completed. If an error occurs during the update process, you can use the update status command in the command line interface to find out more about the status of the last performed update.
To update the Symantec EDR software using the CLI:
  • On the management platform or all-in-one appliance, run the update command with the desired options.
    For example, to update to the latest version of Symantec EDR software, enter:
    update install

Notification: SEPM Unavailable

Symantec EDR lost the connection to SEPM. Troubleshoot with the following steps:
1. Check connectivity between the EDR management appliance and SEPM.
2. Verify that SEPM has the right credentials for EDR to connect.

