EDR 2.0 refers to the enhanced Endpoint Detection and Response (EDR) features of Symantec Advanced Threat Protection (ATP) and Symantec Endpoint Protection (SEP). This enhanced functionality is available in ATP version 3.0 and later and SEP 14.1 and later. These features include direct communication between ATP and SEP endpoints for enhanced searching and management. They also include the verbose forensic activity information that the endpoint data recorder provides.

EDR 2.0 is enabled by default in new installations of ATP version 3.0 and later. In this case, leave the option enabled. Then add Symantec Endpoint Protection Manager (SEPM) configuration details, SEP policy settings, and Endpoint Data Recorder configuration settings to start using EDR 2.0.
Important: When you upgrade from ATP 2.3 or earlier, you must change the port and possibly the protocol that you use for SEP communication with ATP. This change in protocol and port is required to take advantage of Endpoint Detection and Response (EDR) 2.0 functionality, such as the endpoint data recorder. EDR 2.0 requires SEP endpoints to communicate with ATP over HTTPS on port 443. When EDR 2.0 is enabled, HTTP port 80 is no longer available for SEP clients to communicate with ATP as their Private Insight Server. The recommended protocol and port for all SEP communication with ATP (including Insight lookups) is HTTPS on port 443. The alternate ports available for Private Insight Server settings are HTTP port 8080 and HTTPS port 8443. Note that using these alternate ports does not enable EDR 2.0.
Immediately after an upgrade to ATP 3.0, EDR 2.0 is disabled, and Private Insight Server settings are not affected. If you are running SEP 14.0 RU1 or later, when you enable EDR 2.0, ATP automatically pushes Private Insight Server settings to the SEPM. ATP also automatically pushes the appropriate ATP built-in SSL certificate (as well as third-party certificates that have already been installed and pushed to the endpoints) to the SEP endpoints running SEP 14.0 RU1 or later. The certificate ensures secure communication with ATP over HTTPS. If your SEPM is not on 14.0 RU1 or later, you must manually modify the Private Insight Server settings in the SEPM console. If you have endpoints that run versions earlier than SEP 14.0 RU1, you must install the ATP certificate on those clients to ensure that they communicate with ATP.
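
The following pre-upgrade audit is an added example, not part of the Symantec documentation or tooling: it checks an endpoint inventory against the port, protocol, and SEP 14.0 RU1 conditions described above. The CSV column names, the host names, the "14.0 RU1" version string format, and the treatment of MP releases as earlier than RU1 are assumptions made for the example.

```python
import csv
import io
import re
from urllib.parse import urlsplit

MIN_AUTO_PUSH = (14, 0, 1)       # SEP 14.0 RU1: ATP pushes settings and certificates itself
EDR2_PAIR = ("https", 443)       # only protocol/port pair that supports EDR 2.0
INSIGHT_ONLY = {("http", 8080), ("https", 8443)}  # alternates for Insight lookups only

# Constructed sample inventory (hypothetical hosts, assumed column names).
SAMPLE = """host,sep_version,insight_url
ws-101,14.1,https://atp.example.internal
ws-102,14.0 MP2,http://atp.example.internal:80
ws-103,12.1 RU6,http://atp.example.internal:8080
ws-104,14.0 RU1,https://atp.example.internal:8443
"""

def parse_version(text):
    """'14.0 RU1' -> (14, 0, 1). An MP level counts as RU0 (assumption)."""
    m = re.match(r"\s*(\d+)\.(\d+)(?:\s+RU(\d+))?", text, re.I)
    if not m:
        raise ValueError(f"unrecognised SEP version: {text!r}")
    return int(m.group(1)), int(m.group(2)), int(m.group(3) or 0)

def audit(row):
    """Return the manual actions one endpoint needs before EDR 2.0 works."""
    findings = []
    url = urlsplit(row["insight_url"])
    scheme = url.scheme.lower()
    # A URL without an explicit port uses the scheme default.
    pair = (scheme, url.port or {"http": 80, "https": 443}.get(scheme))
    if pair == ("http", 80):
        findings.append("HTTP 80 is unavailable once EDR 2.0 is enabled; use HTTPS 443")
    elif pair in INSIGHT_ONLY:
        findings.append("alternate port does not enable EDR 2.0; use HTTPS 443")
    elif pair != EDR2_PAIR:
        findings.append("not a documented ATP protocol/port pair")
    if parse_version(row["sep_version"]) < MIN_AUTO_PUSH:
        findings.append("earlier than 14.0 RU1: install the ATP certificate manually")
    return findings

def audit_inventory(text=SAMPLE):
    return {r["host"]: audit(r) for r in csv.DictReader(io.StringIO(text))}

if __name__ == "__main__":
    for host, findings in audit_inventory().items():
        print(host, "OK" if not findings else "; ".join(findings))
```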