SEP itself is not an EDR; you must buy Symantec EDR (formerly SEP Mobile/EDR) as an add-on. Without it, investigation is limited to local logs and basic quarantine.
: Addressed a failure in the "Get Quarantined File" command for files within archives. 4. Known Issues & Workarounds symantec endpoint protection 14.3 ru5
: System lockdown and exception policies now support SHA-256 hash types in addition to the legacy MD5, providing a more secure method for identifying and allowing trusted files. SEP itself is not an EDR; you must