10-24-2022 10:24 AM
Hi,
Some Agents in Cortex DXR disappears then shows up after few days - no pattern at all
If my understanding is correct, if the Agents are disconnected or there's a connection lost, the Endpoint Status column will dictate it.
But the Agents in question are not. As in they're like "ghosts" that shows up then after some time disappears.
What could be the possible cause and/or ways to remediate this?
10-24-2022 10:55 AM
Hi @katiea ,
Thank you for writing to live community!
From your statement, your understanding is correct that the endpoints which are disconnected will show as disconnected and the ones which have lost connectivity will stay as connection lost until they connect or till the time they hit the agent deletion limit after which the agents entries are removed completely from the Endpoints Administration page(along with other data).
Based on your issue description, there is also a possibility that you might have Endpoint Administration Cleanup enabled and periodically set to delete duplicate entries on your tenant in the Global Agent Settings. This (if enabled) will cleanup agents from the Endpoints Administration page based on three listed parameters or the combination of the listed parameters:
We would request you kindly check if this is set to enabled and probably try disabling it to see if your issue is resolved.
To navigate, Click on the Gear Icon>Configurations>Agent Configurations>Endpoint Administration Cleanup> Check if it is set to enabled and try disabling it.
Hope this answers your question and please mark "Accept as Solution" if it does.
Best Regards.
10-25-2022 11:26 AM - edited 10-25-2022 11:28 AM
Hi,
Thank you for this. But upon checking, Endpoint Administration Cleanup is disabled.
10-26-2022 12:01 AM
Hi @katiea ,
It is also possible to perform one time cleanup manually. Can you also check in the management audit logs if someone is using that option by any chance. If not, can you also let us know if you are able to find the list of hosts in question as uninstalled status by any chance?
10-28-2022 11:15 AM
Hi @neelrohit
They are not also in uninstalled status. I apologize as I forgot to mention that when we tried to extract, and look into it in via Excel, it does not really appear. In short, in any status the machines won't show.
10-29-2022 02:15 AM
Hi @katiea ,
So, if I understand correctly, you have been looking into Excel sheets all this long and you have found out that the entries disappear in the excel sheet, but are in the console and sometimes, those entries populate themselves upon the list extraction in tsv?
Regards
10-31-2022 08:42 AM
Hi @katiea
If the timeout for deleting the endpoints that do not connect for days is very low, it might be that they dissapear and appear again. I dont think that this will be the issue though. By default this option is set to 180days.
Could it be that sometimes you have a filter set and some of the endpoints are filtered out and not shown ?
These are little mistakes that sometimes might drive us crazy
KR,
Luis
11-02-2022 10:27 AM
Hi @eluis ,
For this one, prior extraction the filters have been removed. It just drives us a nearly crazy on why the machines are like mushrooms that they totally disappear with no status whatsoever and then appears again.
11-02-2022 10:29 AM
Hi @neelrohit ,
Apologies as I got confused with your question.
Bottomline is that there are days that the machines are disappeared (as in no trace whatsoever) and the after some time they will be on the endpoints list again.
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!
