Encrypting communication with a SEPM Microsoft SQL Server database
Last Updated September 25, 2018
When you integrate ATP with Symantec Endpoint Protection, you may want to enable SSL-encrypted communication with your SEPM database server. You only need to encrypt communication to your external Microsoft SQL Server. If you use the embedded SEPM database, ATP automatically encrypts communication to that server.
To encrypt communication, Symantec recommends that you install a signed certificate from a certificate authority (CA) on the Microsoft SQL Server. If you do not install a signed certificate from a CA, you can install a self-signed certificate. If you create and install a self-signed certificate, contact Symantec Customer Support for assistance with importing the certificate into the ATP Keystore.
When you enable Symantec Endpoint Protection Correlation in ATP Manager, ATP verifies whether the communication to each enabled database is encrypted. ATP Manager then displays the status for each SEPM database connection in the Settings > Global Settings > Synapse section.
A connection is considered encrypted if the MS SQL Server ForcedEncryption option is configured for Yes, and you have a valid certificate installed. A connection is considered unencrypted if the ForceEncryption option is configured for No. In either case, ATP collects events from the database.
A Connection Error occurs if the ForcedEncryption option is configured for Yes, but you do not have a valid certificate. (For example, if you have no certificate installed, or the certificate is expired.) In this case, ATP does not collect events from the database.
If communication to one of your SEPM databases is unencrypted:
ATP Manager displays Healthy [unencrypted connection] in the Status column for that database, and after the Enable Symantec Endpoint Protection Correlation check box.
These statuses appear even if you have other SEPM databases that are encrypted.
If communication to one of your SEPM databases is encrypted:
ATP Manager displays Healthy [encrypted connection] in the Status column for that database, and Healthy after the Enable Symantec Endpoint Protection Correlation check box.
ATP creates an event each time it establishes a connection to a database. You can view and query these events in ATP Manager in the Logging > System Activity logs.