ProxySG & Advanced Secure Gateway

I have been through a video on the e-library section that says :

1) CAS identifies potential threat using information from GIN and sends to SEPM to verify.

2) SEPM checks with endpoints to identify which are infected and responds to ProxySG.

3) Remediation: blacklist communicated to 

• ProxySG/ Content Analysis
• SEPM

My query is if SEPM talks to ProxySG directly about the blacklist?

Hi Trevor,

                As per the article https://origin-symwisedownload.symantec.com/resources/webguides/contentanalysis/21/index.htm#Topics/Tasks/services_sandboxing_sepm.htm?Highlight=endpoint and as seen in production, SEPM will only be notified by the CAS if the Sandboxing results in a detection. The hash of the detected file will be passed to SEPM to add to blacklist and remediation action. This needs the sandboxing to be a must which is not present in ProxySG alone. So we can't integrate SEPM directly to ProxySg without a CAS module in between. 

Hi Aravind,

What if an ATP solution is in place to notify SEPM?
I understand the need for CAS to be in place for sandboxing at the ProxySG level and it's integration with SEPM, but what if for example an environment has an ATP in place and we need SEPM to update the ProxySG about an infected endpoint?
As per the diagram attached to this comment does SEPM talk to the ProxySG directly or will it always talk through CAS?

Hi Trevor,

               As far as I understood, SEPM can communicate to the ATP about the infections and domains reported to be problematic. Still not clear on how ATP and SEP will communicate to Proxy directly. I don't see an option in Proxy for that yet. Better to get this checked with our Sales Engineer for your region. They might be able share details on Integration completely.