If you are configuring EDR 2.0, you can use this dialog box to configure Symantec Endpoint Protection policies and communication with your Symantec Endpoint Protection clients. This feature is not supported for EDR 1.0.
About Host Integrity and Quarantine Firewall Policies
ATP requires Host Integrity and Quarantine Firewall policies to isolate and rejoin endpoints from ATP Manager. You can specify if you want ATP to create these policies and push them out to managed endpoints. ATP does not override any existing policies. If ATP does not create these policies, you must create them yourself in Symantec Endpoint Protection Manager.
Because ATP does not overwrite existing policies, enabling this option might have unintended consequences. For example, assume that you have an existing Host Integrity (HI) policy but no Quarantine Firewall policy. When you enable this option, ATP does not overwrite the HI policy, but it does apply a Quarantine Firewall policy. If the Host Integrity policy fails, the ATP Quarantine Firewall policy isolates the endpoint from the network. However, that might be the intention of your Host Integrity policy.
After this feature has been enabled, it cannot be disabled, because ATP has already applied the policies to managed endpoints and cannot remove them. However, you can manually remove or modify these policies in Symantec Endpoint Protection Manager.
About Private Cloud policies
Enable Symantec Endpoint Protection endpoints to communicate with ATP, including performing Insight lookups. When you configure communication with your Symantec Endpoint Protection clients, you can perform the following tasks through ATP:
EDR 2.0 communication, which includes remediation commands, search commands, and live response events
Whitelisting and blacklisting by SHA256 hash or MD5 hash
SHA256 blacklist and whitelist are applied to ATP proxy reputation lookups. Only MD5 file hashes are blacklisted on Symantec Endpoint Protection Manager. Whitelisting on Symantec Endpoint Protection Manager through ATP is unsupported.
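As an added worked example (not code from the ATP documentation or product), the following Python sorts a candidate list of hash entries by where the text above says each one takes effect: SHA256 whitelist and blacklist entries go to ATP proxy reputation lookups, MD5 blacklist entries go to Symantec Endpoint Protection Manager, and MD5 whitelist entries are flagged because whitelisting on SEPM through ATP is unsupported. The function names, bucket names and the sample file body are this example's own assumptions; validating entries this way before submitting them avoids discovering after the fact that an entry was never enforced.

```python
import hashlib
import re

# Enforcement points as described on the page:
#   - SHA256 whitelist and blacklist entries: ATP proxy reputation lookups
#   - MD5 blacklist entries: Symantec Endpoint Protection Manager (SEPM)
#   - whitelisting on SEPM through ATP: unsupported
# Function and bucket names below are this example's own, not ATP's.

_HEX = re.compile(r"^[0-9a-f]+$")


def classify_hash(value):
    """Return 'md5' or 'sha256' for a hex digest, or None if it is neither."""
    digest = value.strip().lower()
    if not _HEX.match(digest):
        return None
    return {32: "md5", 64: "sha256"}.get(len(digest))


def route_entry(action, value):
    """Map one (action, hash) entry to the enforcement points the page describes.

    Returns a list of bucket names; an empty list means the page names no
    place where this entry would take effect.
    """
    if action not in ("whitelist", "blacklist"):
        raise ValueError("action must be 'whitelist' or 'blacklist'")
    kind = classify_hash(value)
    if kind is None:
        raise ValueError("not a 32- or 64-character hex digest: %r" % value)
    targets = []
    if kind == "sha256":
        targets.append("atp_proxy")
    if kind == "md5" and action == "blacklist":
        targets.append("sepm_blacklist")
    return targets


def plan_hash_lists(entries):
    """Sort entries into buckets an operator should review before submitting."""
    plan = {"atp_proxy": [], "sepm_blacklist": [], "unsupported": [], "invalid": []}
    for action, value in entries:
        try:
            targets = route_entry(action, value)
        except ValueError as err:
            plan["invalid"].append((action, value, str(err)))
            continue
        if not targets:
            # MD5 whitelist: SEPM whitelisting through ATP is unsupported and the
            # page names no other enforcement point for it.
            plan["unsupported"].append((action, value))
        for target in targets:
            plan[target].append((action, value.strip().lower()))
    return plan


def digests_for_bytes(data):
    """Both digest forms of one file body, as an operator would paste them."""
    return {
        "md5": hashlib.md5(data).hexdigest(),
        "sha256": hashlib.sha256(data).hexdigest(),
    }


# Constructed sample: a fake file body and a mix of valid and invalid entries.
SAMPLE_FILE = b"constructed sample file body, not a real binary\n"
SAMPLE_DIGESTS = digests_for_bytes(SAMPLE_FILE)
SAMPLE_ENTRIES = [
    ("blacklist", SAMPLE_DIGESTS["md5"]),             # -> SEPM blacklist
    ("blacklist", SAMPLE_DIGESTS["sha256"]),          # -> ATP proxy lookups
    ("whitelist", SAMPLE_DIGESTS["sha256"].upper()),  # -> ATP proxy lookups
    ("whitelist", SAMPLE_DIGESTS["md5"]),             # -> unsupported on SEPM
    ("blacklist", "not-a-hash"),                      # -> invalid
]

if __name__ == "__main__":
    for bucket, items in plan_hash_lists(SAMPLE_ENTRIES).items():
        print(bucket)
        for item in items:
            print("   ", item)
```

Hashes are normalised to lowercase before they are bucketed, so the uppercase SHA256 whitelist entry in the sample is routed like any other; anything that is not a 32- or 64-character hex string lands in the invalid bucket with the reason attached.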
This feature lets endpoints use Symantec public domain look-up servers if ATP is unavailable.
This feature is not available for clients running SEP 12.1.5 or earlier.
Selecting this option enables the highest security setting. Apply private cloud policies to all non-default SEPM groups. Private cloud policies for the top-level SEPM group 'My Company' and its inherited groups are always overwritten regardless of whether you select this option.
These configuration settings apply to all of the clients that Symantec Endpoint Protection Manager manages. Configure these settings for new, initial installations of ATP. If you performed an upgrade, you may have already configured private cloud settings in your Symantec Endpoint Protection Manager to take advantage of legacy features. If so, you do not need to make any changes on this page (click Next to proceed to the next dialog box). If you have configured private cloud settings on your Symantec Endpoint Protection Manager, making changes on this dialog box overrides those existing settings.