Endpoint Detection and Response (EDR)

 View Only
Expand all | Collapse all

SEDR 4.6 show Critical certificate alert of a different SEPM ip address

  • 1.  SEDR 4.6 show Critical certificate alert of a different SEPM ip address

    Posted Feb 01, 2023 12:22 AM
    Hello Team,

    EDR Version: 4.6.8-8

    Getting Critical certificate expire and symantec EDR is critical for SPEM server 192.168.3.20
    but on SEDR ECC configuration we have only SEPM IP 192.168.3.147 configured as below:



    Troubleshooting Performed :
    1) We checked that the reporting EDR is functional with version 4.6.8-8
    2) Tried to check the certificate expired for SEPM which shows IP 192.168.3.20 which is long back removed and was used with version 12
    3) Tried to check under Data sharing if 3rd party integrations done .
    4) As reboot was already tried , checked over known fixes have found the suggested broadcom version upgrade has been released for v4.7 which will resolve this reported issue .

    Hence, we have upgraded EDR to 4.7.1-40. EDR still have both issue.

    Please recommend how to check why the different server IP is showing and how to mitigate it.


    Regards,
    Sachin


  • 2.  RE: SEDR 4.6 show Critical certificate alert of a different SEPM ip address

    Broadcom Employee
    Posted Feb 03, 2023 08:04 AM
    Hi Sachin,

    Please open a support case and an EDR Support Engineering will be able to help investigate and resolve this issue.

    regards,
    Gavin