Reference: Checking installation status on endpoints

The Health Status page displays issues that have occurred in a Threat Response environment, and provides actions that you can take to remediate. Any encountered issues display in the order of their significance to help prioritize remediation actions. The results displayed on the Health Status page refresh every 12 minutes (720 seconds).

  1. From the Threat Response menu, click Management > Health Status.
  2. If multiple issues have been encountered, start a the top of the list and expand the issue you want to remediate.
  3. The Threat Response component where the issue has occurred appears along with a description of the issue, the number and types of endpoints on which it occurs, and a remediation action.
  4. Click the remediation action button in the Actions column.

Additionally, the Threat Response - Status sensor displays detailed information about the status of Threat Response installations on each endpoint.

The Threat Response - Status sensor output is organized in three columns: Component, Key, and Value.

Component Components are logical portions of the Threat Response solution, and include: The Detect Engine, Event Recorder, Incident Response, and Index.

Threat Response is listed as the Component for two rows that pertain to the entirety of Threat Response Product: the Active Profile and Overall Status.

Key Keys name an aspect of a component whose status appears in a corresponding value.
Value Values display the status of a particular key.

For example, the component Detect Engine has a key named Can use Signals that can have a value of either true or false.

The Threat Response - Status sensor displays a component status for each Threat Response component in addition to an overall status. For Windows endpoints, the following component status values are possible:

Windows Nominal

The component is working properly.

Windows Package Required

The component is not installed, or requires an install to either fix a problem or to be updated to a more recent version.

Windows Disabled

The component is disabled.

Windows Attention Needed

The endpoint requires attention before the component can function. Reinstalling the component does not resolve the problem.

For example, the Windows Attention Needed status appears if an endpoint does not have sufficient free disk space as required by the Threat Response component.

For non-Windows endpoints, the statuses are identical except that Windows is replaced with the name of the operating system, for example, Linux or Mac.