Troubleshooting

Collect logs

To collect logs required for troubleshooting

  1. At the top right of the Home page, click the Help icon .
  2. Click the Troubleshooting tab.
  3. Click Collect and then click Download to get the zipped file required by Tanium to assist you with troubleshooting.

View usage statistics

At the top right of the Home page, click Info . Protect usage statistics shown under the About tab can also assist with troubleshooting.

Enable Microsoft System Center Endpoint Protection (SCEP) Installation

Anti-malware policies require that either SCEP or Windows Defender is installed on endpoints. When you are creating an Anti-malware rule and the SCEP Installation option is enabled, enforcing an Anti-malware policy automatically installs SCEP on endpoints that do not support Windows Defender. However, you will receive an error if you have not uploaded an installer file.

Go to the Anti-Malware Settings page and click Choose Installer or Update Installer to specify the location of the installer file to be uploaded as described in Microsoft System Center Endpoint Protection (SCEP) Installation.

This error can also appear on the Policies page or on the Anti-Malware Settings page. Use the same process described above to resolve it.

Uninstall Protect

In some instances, if you decide to uninstall Protect, you might need to disable associated firewall policies and SRP rules to ensure they are cleanly removed from endpoints. Consult with your TAM to determine whether these steps are required. If so, you need to deploy actions including the following two packages that were created when Protect was installed:

  • Disable Tanium Protect Software Restriction Policies
  • Remove Protect Firewall Rules

To complete a clean uninstall and removal of Protect policies, you must uninstall Protect before you disable the associated firewall policies and SRP rules.

  1. From the Main menu, click Tanium Solutions.
  2. Under Protect, click Uninstall.
  3. Review the content that will be removed and click Uninstall.
  4. Depending on your configuration, enter your password or click Yes to start the uninstall process.
  5. Return to the Tanium Solutions page and verify that the Import button is available for Protect.

Disable and remove Protect policies

After consultation with your TAM, you might be required to disable Protect policies after you uninstall Protect. This can occur if some endpoints are offline when you uninstall Protect. For more detailed information on packages and deploying actions, see Tanium Platform User Guide: Managing Scheduled Actions and Tanium Platform User Guide: Managing and creating Packages.

To disable and remove Protect policies, you must first find all of the endpoints that are online and then deploy the removal packages.

  1. From the Main menu, click Interact.
  2. Ask a question to target the endpoints from which you want to Protect policies. For example, Get Protect - Tools Version from all machines.
  3. Select the row for the endpoints from which you want to remove the Protect policies.
  4. Click Deploy Action.
  5. On the Deploy Action page, enter Protect in the Enter package name here field.
  6. Select the Disable Tanium Protect Software Restriction Policies Package.
  7. Click Show preview to continue at the bottom of the Deploy Action page.
  8. Click Deploy Action and enter your credentials. The Action Summary page appears.
  9. Repeat these steps, but select and deploy the Remove Protect Firewall Rules package.

The Disable Tanium Protect Software Restriction Policies package removes all SRP rules created by Protect. It does not disable SRP on the endpoint. Likewise, the Remove Protect Firewall Rules package removes all firewall rules created by Protect. It does not disable the firewall on the endpoint.

Consult with your TAM before uninstalling Protect and disabling Protect policies.

Last updated: 11/5/2019 4:19 PM | Feedback