Reference: Checking installation status on endpoints
The Threat Response - Status sensor displays detailed information about the status of Threat Response installations on each endpoint.
The Threat Response - Status sensor output is organized in three columns: Component, Key, and Value.
Components are logical portions of the Threat Response solution, and include: The Detect Engine, Event Recorder, Incident Response, and Index.
Threat Response is listed as the Component for two rows that pertain to the entirety of Threat Response Product: the Active Profile and Overall Status.
|Key||Keys name an aspect of a component whose status is displayed in a corresponding value.|
|Value||Values display the status of a particular key.
For example, the component Detect Engine has a key named Can use Signals that can have a value of either true or false.
The Threat Response - Status sensor displays a component status for each Threat Response component in addition to an overall status. For Windows endpoints, the following component status values are possible:
The component is working properly.
Windows Package Required
The component is not installed, or requires an install to either fix a problem or to be updated to a more recent version.
The component is disabled.
Windows Attention Needed
The endpoint requires attention before the component can function. Reinstalling the component does not resolve the problem.
For example, the Windows Attention Needed status displays if an endpoint does not have sufficient free disk space as required by the Threat Response component.
For non-Windows endpoints, the statuses are identical except that Windows is replaced with the name of the operating system, for example, Linux or Mac.
Last updated: 8/12/2020 2:47 PM | Feedback