We have pushed updates to the AMP connectors in our server policy around our scheduled maintenance window. During the Window, the servers were updated and restarted as required by both the updates and the connector. Upon reboot, the warning triggered saying that it requires a reboot even though the reboot had completed successfully. The former connector version was approximately 6.3.x and is now on the latest (7.1.7.X). We have a limited window of time to push updates so it's going to be hard to reboot again. 

I was able to download the list of devices showing reboot required, write a script to enable the service and then ran a quick scan on the devices. I can see when they check in and pull new definitions, so I think the connector itself is okay, but the warning makes me worry that it isn't actually active. Anyone having this same issue? The OSs the device are running against are a mixture of Server 2016, 2012 and 2008R2 (which I am aware is EOL... don't ask me. It's the customer). Same behavior persists on Windows Connectors for workstation endpoints (Windows 10, and 7). 

I have seen the following articles that somewhat address this issue but they appear to be dated by some time:

https://community.cisco.com/t5/endpoint-security/cisco-amp-connector-update/m-p/3934736 

This is to say I have not tried the full shutdown method as I am not the sysadmin and have no access to their virtual environment to manually bring up these servers. I'd hate to come to the customer to do a hard-kill on some of these devices, so I am hoping this has been addressed in 2020.