While reviewing your SEP/SEDR integration, or integrating for the first time, you want to know which features in SEP are needed for the ATP or SEDR appliance to get the correct threat data to generate Incidents, perform ECC 2.0 functions, and blacklist files as expected.
You may seek to minimize the load on the client by disabling some SEP features. Before you decide which functions to disable, you need to know which SEP technologies that ATP or SEDR rely on for advanced detection.
The SEDR software requires the following SEP client features and functions to be enabled:
Firewall enabled for endpoint isolation to function: