Troubleshooting Investigation Status

Command waiting to be deployed.

Endpoint has been queued for investigation. Endpoint Sensor updates the status once the investigation command is sent to the agent.

Command in progress.

Endpoint is being investigated. Wait for the investigation to finish.

An endpoint error has occurred.

Endpoint is online, but the Endpoint Sensor agent encountered an error.

Canceled due to timeout.

No response was received from the endpoint and the timeout period has been reached. After the timeout period, the Endpoint Sensor server stops sending the command, and excludes the endpoint from the current investigation.

To investigate the endpoint again, include the endpoint in a new investigation. Before performing the new investigation, perform any of the following:

• Check that the endpoint is running and that the agent is properly installed.

• By default, the timeout period is set to 86400 seconds (24 hours). This value is set by the Expiration parameter. Increase this value if the selected endpoint requires more than 24 hours to send a response.

  For details, see Modifying the Expiration value.

Canceled due to error

An unknown error has occurred and Endpoint Sensor has canceled the investigation for the endpoint.

Once Endpoint Sensor cancels the investigation for an endpoint, it excludes the endpoint from the current investigation. To investigate the endpoint again, include the endpoint in a new investigation. Before performing the new investigation, perform any of the following:

• Check that the endpoint is running and that the agent is properly installed.

• Restart the endpoint, and then run the investigation again.

Canceled due to user interaction

The user has manually canceled the investigation for the endpoint.

Once Endpoint Sensor cancels the investigation for an endpoint, it excludes the endpoint from the current investigation. To investigate the endpoint again, include the endpoint in a new investigation.