Symantec Endpoint Detection and Response can integrate with Symantec™ Endpoint Protection for enhancing event information and providing Endpoint Communications Channel (ECC) functionality. Symantec EDR has certain version requirements based on various components of SEP.
The minimum SEPM version is 12.1 RU6 or later. Symantec EDR can connect to multiple SEP sites. But Symantec EDR only supports up to ten connections to SEPM hosts and one connection per SEP site.
Symantec EDR can manage the client endpoints that run SEP version 12.1 RU 6 MP3 or later with full ECC functionality. Client endpoints that run versions earlier than SEP 12.1 RU5 are not supported. Some functionality is limited for the clients that run on versions between SEP 12.1 RU5 and 12.1 RU6 MP3. The Symantec EDR documentation describes any functionality limits based on the version of the SEP client.
SEPM can store logs either in an internal embedded database or in an external Microsoft SQL Server database. Symantec EDR can access external Microsoft SQL Server database without any special host system requirements. When SEPM uses an embedded database, Symantec EDR uses a log collector on the SEPM host. This log collector requires the SEPM host to be running one of the following operating systems:
Windows 7 (64-bit only)
Windows 8 (64-bit only)
Windows Server 2008
Windows Server 2012
Windows Server 2012 R2 or later (recommended)
See the Symantec Endpoint Protection documentation for SEPM system requirements.