About integrating ATP with Symantec Endpoint Protection
Last Updated September 25, 2018
Symantec Advanced Threat Protection (ATP) integrates with Symantec Endpoint Protection to let you detect and respond to potential threats targeted at the endpoints in your environment. ATP integration with Symantec Endpoint Protection provides these capabilities:
Allowing ATP to act as a proxy for network requests for endpoints managed by Symantec Endpoint Protection. This lets ATP monitor and manage all network traffic from the endpoints and provide threat assessment for dangerous activity.
Correlating event data from Symantec Endpoint Protection Manager to ATP through Synapse.
Viewing files from endpoints and performing operations on those files, such as uploading the files to ATP for further analysis.
Sending administrative commands to Symantec Endpoint Protection Manager and endpoints, such as adding files and domains to the whitelist or blacklist.
If you enable integration with Symantec Endpoint Protection after you have already been scanning your network for some time, duplicate records can be created in ATP. This occurs when network scanning is performed on endpoints and only the IP address of the endpoint is available (reverse DNS lookups are not enabled on the system). You can avoid this either by ensuring that reverse DNS lookups are available on your endpoints or by enabling Symantec Endpoint Protection integration before you enable network scanning in ATP.