Do not manually delete any Tanium content that includes “Comply” in the name for any reason. This can cause Comply to stop working correctly.
Due to an expired CIS certificate, all CIS-CAT engines supported by Comply 1.3.2 or older will fail signature validation causing the engine not to run.
To resolve this issue, you must upgrade to Comply 1.3.3 or later. The tools in Comply 1.3.3 provide a work-around for this issue. After deploying these tools, all versions of CIS-CAT will work correctly. Comply 1.3.3 also adds support for CIS-CAT 3.0.43, which contains code signed with a valid certificate.
If you are unable to upgrade Comply, please contact your TAM.
You may need to collect a support bundle that includes logs associated with Comply for troubleshooting purposes when working with technical support or your TAM.
You must have the Comply Admin role to collect the support bundle. For more information about Comply roles, see User role requirements.
To collect the support bundle
- At the top right of the Home page, click Help .
- On the Troubleshooting tab, in the Support Request section, click Create Package to download a support bundle of files to provide to your TAM or technical support.
You may need to locate log files on your endpoint or on the Tanium Module Server for troubleshooting purposes when working with technical support or your TAM.
Endpoint log files
Comply log files are created on endpoints at the following path: C:\Program Files (x86)\Tanium\Tanium Client\Tools\Comply\logs
Log files for each scan are keyed by report hash. Only the most recent file is kept.
Tanium Module Server log files
Comply log files are created on the Tanium Module Server at the following path: C:\Program Files\Tanium\Tanium Module Server\services\comply-service\logs
Service log files are found here.
If a JRE encryption key is lost or overwritten, Comply allows you to recreate the JRE encryption key.
- At the top right of the Home page, click Settings .
- On the JRE Encryption Key tab, click Generate Random Key to generate a new JRE encryption key.
- Enter your credentials and click OK.
You can provide your own encryption key; however, Tanium recommends that you generate a random key.
If you have existing reports on endpoints with an encrypted JRE, those reports must be redeployed. In addition, all existing encrypted deployments must be redeployed so they are updated with the new key.
Last updated: 7/10/2019 9:14 AM | Feedback