Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
2225
Views
0
Helpful
3
Replies

Endpoints randomly go missing in Secure Endpoint/AMP Dashboard

JarrodCarr3741
Level 1
Level 1

‎08-31-2021 07:43 AM

Experiencing an issue where certain endpoints cannot be located from any search function in the Secure Endpoint dashboard.  There have been a few endpoints where I've wanted to investigate that have the agent installed, either version 7.4.3.20679 or 7.4.1.20439 from what I can tell, where the endpoints have the connector installed with no errors in Windows Security settings.  Going into the Secure Endpoint window on the endpoint also shows that the policy is synced and up to date.  These endpoints are not in any other policy/group either, isolated, etc.

 

The only solution right now seems to be to uninstall the connector completely and reinstall the same version.  Is there anyone else having a similar issue as of late, and if there's any additional fix for this instead of manually reinstalling the connector?  I run reports regularly to make sure our endpoints are checking in with our SIEM, comparing the list of active endpoints with what is on SE, which leads to random discrepancies. Any help would be appreciated. Thanks!

 

Labels:
0 Helpful
3 Replies 3

Ken Stieers
VIP
VIP

‎08-31-2021 07:54 AM

Anything in the AMP audit logs?

0 Helpful

JarrodCarr3741
Level 1
Level 1
In response to Ken Stieers

‎08-31-2021 10:35 AM

Thank you for the reply,

 

I looked through the audit logs and found no entry for a specific endpoint in question -- I've looked through the Computer --> Update/Create/Delete and shows no record of those endpoints ever being created.

 

However, I have no idea if this has any relation, but going through the audit logs, I have found entries for a large number of endpoints which were domain-joined with a generic name, but I would assume that if the endpoint was renamed, it would be reflected when syncing with AMP, correct?

 

I've only noticed that when looking at the logs, but the ones in question act as if they don't exist, but the service runs just fine locally on the endpoint itself.  Thanks!

0 Helpful

Ken Stieers
VIP
VIP
In response to JarrodCarr3741

‎08-31-2021 11:00 AM

That might be where the issue is...
How is your identity persistence set up? If name based, you probably don't want to install AMP until they have their permanent name
I'm not sure how MAC based persistence works/if it reports names...
Ken
0 Helpful
Customers Also Viewed These Support Documents