Is there any way to force a policy check on an endpoint?
I have created a new Policy Rule and assigned a new set of Policy Profiles to it. I then assigned specific endpoints to this Policy Rule and the rule is #1 in the policy order tab.
The problem I am facing is that the targeted computers do not seem to receive the new policy.
YES, the rule is ENABLED 😉
Thanks for your time.
What do you mean with 'computers does not seem to receive policy' ?
Whenever there is some file execution, Cortex XDR will initiate its soo called File Analysis and Protection Flow, which evaluates it's decision based on the defined profiles within the policies applied to the given endpoint.
You should be able to force a policy check-in using by leveraging the script execution abilities of the agent. You can initiate a cytool checkin command. More info can be found at:
On your underlying issue, have you verified that the affected endpoints fall into the collection/group where the policy rule is applied. If you look at the agent details:
1. Do the endpoints show as online?
2. Does it show the policy applied ?
3. If you initiate a check-in from the endpoint itself, do you see successful communication?
Click Accept as Solution to acknowledge that the answer to your question has been provided.
The button appears next to the replies on topics you’ve started. The member who gave the solution and all future visitors to this topic will appreciate it!
These simple actions take just seconds of your time, but go a long way in showing appreciation for community members and the LIVEcommunity as a whole!
The LIVEcommunity thanks you for your participation!