Endpoint Status

The following events trigger Threat Management Agent to report the security status of an endpoint to Threat Mitigator:

Monitor the security status of endpoints from the Endpoint Status screen. In this screen, you can search for:

  1. Select a search criterion in Endpoint status.

  2. If you select IP address/Host name, you can type:

  3. Click Search. Endpoints that meet the search criteria are displayed in the table on the screen.

  4. To view endpoint details and security violations, click the endpoint’s IP address under the IP Address column.

  5. Check for endpoints with the following status:

    Endpoint status that requires attention

    | Column Name | Status | Recommended Action |
    | --- | --- | --- |
    | Agent Version | An endpoint with N/A as its status does not have the agent installed. | Install the agent using the available agent installation methods. Also check the current agent version from the Manual Updates or Scheduled Updates screen. If the agent installed on an endpoint is an older version, upgrade the agent. |
    | Connectivity | A green icon indicates that the endpoint can connect to Threat Mitigator. | None |
    | Connectivity | A red icon indicates that the endpoint is disconnected from Threat Mitigator and therefore cannot run mitigation tasks. For details, see Disconnected Endpoints. | Verify the connection by clicking the icon. The icon turns green if the connection was restored. |
    | Quarantine | A lock icon with an hourglass symbol indicates that the endpoint is currently being quarantined because: • There are unresolved threats in the endpoint after post-assessment cleanup. OR • The endpoint violated at least one security assessment rule. | Check the Security Enforcement Issue column to see why the endpoint was quarantined. |
    | Quarantine | A lock icon indicates that the endpoint has been quarantined. | Check the Security Enforcement Issue column to see why the endpoint was quarantined. |
    | Quarantine | An unlock icon with an hourglass symbol indicates that the endpoint is being released from quarantine because: • The agent has resolved all unresolved threats. OR • The endpoint has complied with security assessment rules. | None |
    | Security Rules | A green check mark indicates that the endpoint complies with security assessment rules and does not have unresolved threats. | None |
    | Security Rules | A red "x" icon indicates that the endpoint violated at least one security assessment rule or has unresolved threats. | Check the Security Enforcement Issue column to see why the endpoint became non-compliant. |
    | Security Enforcement Issue | None: This status indicates that the endpoint complies with security assessment rules or does not have unresolved threats. | None |
    | Security Enforcement Issue | No security software installed: This status indicates a violation of the Antivirus Product Scan rule. | Install any of the security software listed in the Enforcement Settings screen. When the required software has been installed, a quarantined endpoint is automatically released from quarantine. |
    | Security Enforcement Issue | Virus Pattern requires an update: This status indicates a violation of the Antivirus Version Scan rule. | Update the pattern immediately. For a list of required pattern versions, check the Enforcement Settings screen. When the pattern has been updated, a quarantined endpoint is automatically released from quarantine. |
    | Security Enforcement Issue | Known vulnerabilities detected: This status indicates a violation of the Vulnerability Scan rule. | Install the required patches to address the vulnerabilities. For a list of vulnerabilities that Threat Mitigator currently monitors, check the Enforcement Settings screen. When the required patches have been installed, a quarantined endpoint is automatically released from quarantine. |
    | Security Enforcement Issue | Missing AND/OR prohibited Registry Key: This status indicates a violation of the Registry Key Scan rule. | Restore the missing registry key or remove the prohibited one. You may need to install software that has been uninstalled to restore a registry key or uninstall prohibited software to remove a registry key. For a list of required and prohibited registry keys, check the Enforcement Settings screen. When the registry key has been restored or removed, a quarantined endpoint is automatically released from quarantine. |
    | Security Enforcement Issue | Unsuccessful post-assessment cleanup: This status means that the agent was unable to resolve all threats or encountered problems during post-assessment cleanup. | Check if a custom solution is available and then run custom cleanup on the endpoint. If custom cleanup is successful on a quarantined endpoint, navigate to the Threat Management screen to manually release the endpoint from quarantine. |