Reference: Checking installation status on endpoints

The Threat Response - Status sensor displays detailed information about the status of Threat Response installations on each endpoint.

The Threat Response - Status sensor output is organized in three columns: Component, Key, and Value.

Component Components are logical portions of the Threat Response solution, and include: The Detect Engine, Event Recorder, Incident Response, and Index.

Threat Response is listed as the Component for two rows that pertain to the entirety of Threat Response Product: the Active Profile and Overall Status.

Key Keys name an aspect of a component whose status is displayed in a corresponding value.
Value Values display the status of a particular key.

For example, the component Detect Engine has a key named Can use Signals that can have a value of either true or false.

The Threat Response - Status sensor displays a component status for each Threat Response component in addition to an overall status. For Windows endpoints, the following component status values are possible:

Windows Nominal

The component is working properly.

Windows Package Required

The component is not installed, or requires an install to either fix a problem or to be updated to a more recent version.

Windows Disabled

The component is disabled.

Windows Attention Needed

The endpoint requires attention before the component can function. Reinstalling the component does not resolve the problem.

For example, the Windows Attention Needed status displays if an endpoint does not have sufficient free disk space as required by the Threat Response component.

For non-Windows endpoints, the statuses are identical except that Windows is replaced with the name of the operating system, for example, Linux or Mac.

Last updated: 8/12/2020 2:47 PM | Feedback