Troubleshooting Enforce

To collect and send information to Tanium for troubleshooting, collect logs and other relevant information.

Collect logs

The information is saved as a ZIP file that you can download with your browser.

  1. From the Enforce home page, click Help, then the Troubleshooting tab.
  2. Click Collect.
    An Enforce-support.[timestamp].zip file downloads to the local download directory.
  3. Attach the ZIP file to your Tanium Support case form or send it to your TAM.

Tanium Enforce maintains logging information in the Enforce.log file in the \Program Files\Tanium\Tanium Module Server\services\Enforce directory.

Enforce sensors

The following Enforce sensors are available:

Not all Enforce sensors report back the most recent data. Most provide information gathered during the latest validation check on the endpoint. Validation checks are performed at intervals of approximately 15 minutes.

Enforce - Anti-Malware Definition Outdated

Reports whether the current Windows Anti-malware definition version installed on the computer is out of date.

Enforce - Anti-Malware Definition Version

Reports the current Windows Anti-malware definition version installed on the computer.

Enforce - Anti-Malware Engine Version

Reports the current Windows Anti-malware engine version installed on the computer.

Enforce - Anti-Malware Threat Details

Reports all anti-malware threats along with detection date, process name, and file paths.

Enforce - Anti-Malware Threats Last X Days

Given a number of days in the past, this sensor reports all anti-malware threats since that date.

Enforce - Coverage Status

Returns "Optimal" if Enforce is installed and running, "Needs Attention" if Enforce is not installed or is not healthy, "Unsupported" if the operating system is not supported.

Enforce - Diagnostic - Applied Machine Policies

Specifically for small-scale diagnostics. Returns the status of machine policy settings that are applied or partially applied on endpoints.

Enforce - Diagnostic - Applied Policy Items

Specifically for small-scale diagnostics. Returns a list of all policy items to be applied on endpoints, including those that will not apply because they are superseded by a duplicate setting.

Enforce - Firewall Rules [Linux]

Reports all configured firewall rules on Linux endpoints.

Enforce - Firewall Rules [Windows]

Reports all configured firewall rules.

Enforce - Machine Policy Status

Given a list of Policy Id numbers, reports the enforcement status of each.

Enforce - Machine Policy Status [VBS]

Given a list of Policy Id numbers, reports the enforcement status of each. Unlike other sensors, VBS sensors provide up-to-the-minute results.

Enforce - Tools Version

Reports support and installation details. Checks if the endpoint supports the tools and has enough disk space. If a package has been deployed, reports the install location, version of tools, and if all the required tools are present.

Monitor and troubleshoot Enforce coverage status (% of total)

The following table lists factors that can cause Enforce coverage to be lower than expected, and corrective actions you can take.

| Contributing Factor | Corrective Action(s) |
| --- | --- |
| Incorrect targeting criteria used in computer groups | Ensure computers that should be managed by Enforce are included in computer group creation. |
| Enforce action group is too narrow | Ensure computer groups that should be managed by Enforce are included in the Enforce action group. |

Monitor and troubleshoot policy enforcement status (% of total)

The following table lists factors that can cause Enforce policy enforcement coverage to be lower than expected, and corrective actions you can take.

| Contributing Factor | Corrective Action(s) |
| --- | --- |
| Enforce tools are not deployed | Ensure computer groups that should be managed by Enforce are included in the Enforce action group. |
| Domain Group Policy is currently applied | Reference the output from enforcement policy status and work with the Active Directory team to set conflicting policy items to “Not Defined” in the domain policy. |

Monitor and troubleshoot host firewall status on endpoints

The following table lists factors that can cause the Enforce host firewall metric to be lower than expected, and corrective actions you can take.

| Contributing Factor | Corrective Action(s) |
| --- | --- |
| Host-based firewall is not installed | Deploy Windows firewall policy. |
| Host-based firewall is not enabled | Deploy the Windows firewall policy that enables the Windows firewall for all profiles (Domain, Public, and Private). |

Contact Support

To contact Tanium Support for help, send an email to [email protected].