The https://synapse.symantec.com server is listed as a requirement for synapse correlation of events gathered from Advancted Threat Protection (ATP): Endpoint. What is the expected behavior if this server is not reachable?
In ATP versions 2.2 and earlier, if the option under Global Settings > Synapse, “Enable Symantec Endpoint Protection Correlation” is enabled, then a connection to https://synapse.symantec.com is required for the proper operation of the ATP Manager appliance. Otherwise, the system will eventually be filled with queued statistic events destinated to Symantec cloud. Please note that correlation would still work but it is placing the system into a bad posture per previous statement. ATP 2.2 and earlier must have connectivity to synapse.symantec.com. If not, do not enable “Symantec Endpoint Protection Correlation”.
Starting with ATP 2.3, this connection is not required. ATP 2.3 and later will send telemetry data to the servers if "Send data to Symantec for statistical and diagnostic purposes." is enabled on the Global Settings page, so they are still included in the status_check command.
Subscribing will provide email updates when this Article is updated. Login is required.