Determining Symantec Endpoint Protection client EDR enrollment status
Last Updated September 25, 2018
For Symantec Endpoint Protection clients to use Endpoint Detection and Response (EDR) 2.0, you must enroll them with Symantec Advanced Threat Protection (ATP). Knowing the enrollment status of an endpoint can help you troubleshoot issues, such as why an endpoint does not return results to ATP.
Endpoints that meet the minimum requirements to be eligible for EDR 2.0 enrollment, but are not currently enrolled.
This status can appear in any one of the following situations:
The client is running an older version of Symantec Endpoint Protection which does not meet the minimum version requirement. For EDR enrollment, the minimum supported version is SEP14.0 RU1.
This status can also mean that the endpoint entity is created from ATP:N traffic. So it doesn't have associated Symantec Endpoint Protection endpoint details.
The client operating system is not Windows (e.g., Mac).
This status appears before ATP can determine the enrollment status and the enrollment process has not begun yet.
If the status doesn't change to Authentication Pending in several hours, there is an issue with the enrollment process.
ATP is in the process of provisioning the device for enrollment.
ATP finished provisioning the client for enrollment and sent the logon credentials to Symantec Endpoint Protection Manager. ATP is waiting for the client to authenticate to complete the enrollment process.
The client is enrolled with EDR 2.0.
The client had been enrolled with EDR, but it has subsequently been unenrolled.
The client belongs to a Symantec Endpoint Protection Manager that has the EDR feature disabled on the Settings > Global page.
ATP provides the various ways that you can determine the EDR enrollment status for any endpoint. Click on any of the following links to learn more about that method.
To view the status breakdown of endpoints managed by a registered Symantec Endpoint Protection Manager
On the Settings > Global page, scroll down to Endpoint Detection and Response, SEP Policies, and Endpoint Data Recorder. Click the actions menu (three vertical dots) to the far right of the Symantec Endpoint Protection Manager that contains the clients whose enrollment status you want to view.
Menu options appear.
Click Enrollment Statistics.
The enrollment statistics appear on a separate dialog window.