Reference: Checking installation status on endpoints
The Health Status page displays issues that have occurred in a Threat Response environment, and provides actions that you can take to remediate. Any encountered issues display in the order of their significance to help prioritize remediation actions. The results displayed on the Health Status page refresh every 12 minutes (720 seconds).
- From the Threat Response menu, click Management > Health Status.
- If multiple issues have been encountered, start a the top of the list and expand the issue you want to remediate.
- The Threat Response component where the issue has occurred appears along with a description of the issue, the number and types of endpoints on which it occurs, and a remediation action.
- Click the remediation action button in the Actions column.
Additionally, the Threat Response - Status sensor displays detailed information about the status of Threat Response installations on each endpoint.
The Threat Response - Status sensor output is organized in three columns: Component, Key, and Value.
Components are logical portions of the Threat Response solution, and include: The Detect Engine, Event Recorder, Incident Response, and Index.
Threat Response is listed as the Component for two rows that pertain to the entirety of Threat Response Product: the Active Profile and Overall Status.
|Key||Keys name an aspect of a component whose status appears in a corresponding value.|
|Value||Values display the status of a particular key.
For example, the component Detect Engine has a key named Can use Signals that can have a value of either true or false.
The Threat Response - Status sensor displays a component status for each Threat Response component in addition to an overall status. For Windows endpoints, the following component status values are possible:
The component is working properly.
Windows Package Required
The component is not installed, or requires an install to either fix a problem or to be updated to a more recent version.
The component is disabled.
Windows Attention Needed
The endpoint requires attention before the component can function. Reinstalling the component does not resolve the problem.
For example, the Windows Attention Needed status appears if an endpoint does not have sufficient free disk space as required by the Threat Response component.
For non-Windows endpoints, the statuses are identical except that Windows is replaced with the name of the operating system, for example, Linux or Mac.
Last updated: 10/16/2020 2:09 PM | Feedback