When you search endpoints in ATP, endpoint diagnostic information is queried according to your search specifications. As a result, incomplete endpoint searches can occur when certain conditions exist:
When endpoints are offline.
When commands are being sent to the endpoints.
When the scheduler maximum been met.
If the system time for the client computer is offset from ATP Manager.
For best results, ensure that client computers on which you perform searches are synced with a time server (such as ntp.symantec.com).
See Canceling an endpoint search query
See About the ways to search for indicators of compromise in your organization.
Subscribing will provide email updates when this Article is updated. Login is required to Subscribe
Thanks for your feedback. Let us know if you have additional comments below. (requires login)
This will clear the history and restart the chat.