Endpoint Protection

  • 1.  I need to determine the root cause for Download Insight and/or Intrusion Prevention component malfunctioning

    Posted Jun 26, 2013 07:38 AM

    At random intervals we get notifications that some of our servers (and each time it's different servers) have a Download Insight component that's malfunctioning; it also shows that the Intrusion Prevention component is malfunctioning as well.

    We're using SEPM Version 12.1.1000.157 RU1

    I've done some research and it seems that between those two components, if the one fails the other does as well.

    We have Download Insight configured at Level 5 for all servers BUT we don't have Intrusion Prevention enabled because we already have a physical IPS device connected to our domain, and Best Practise suggests you only have one device configured.

    So I need to compile an RCA as to why the Download Insight/Intrusion Prevention components are malfunctioning so regularly at random times on random servers.

    I know how to fix the problem; I need to know what might cause this and obviously how we can prevent it.

    Thank you



  • 2.  RE: I need to determine the root cause for Download Insight and/or Intrusion Prevention component malfunctioning

    Posted Jun 26, 2013 08:08 AM

    Run the SymHelp tool on the system and see if any errors are returned.

    You may need to turn on WPP logging to get better detail.



  • 3.  RE: I need to determine the root cause for Download Insight and/or Intrusion Prevention component malfunctioning

    Broadcom Employee
    Posted Jun 26, 2013 08:22 AM

    Open a support ticket and collect the information.

    Does the message go away after a refresh?



  • 4.  RE: I need to determine the root cause for Download Insight and/or Intrusion Prevention component malfunctioning

    Posted Jun 28, 2013 06:55 AM

    I ran the SymHelp tool on a server that last gave the problem and it picked up the following.

    But it doesn't really make sense because there are no comms issues between the server and the client. I checked the troubleshooting steps and confirmed that the client has the latest def update, it's green and the policy number matches that of the manager.

    But like I said, it's random servers every time. I'm not sure that if IPS is disabled by (our) policy that it will affect Download Insight (not disabled by our policy) when its definitions are updated? That's the only thing I can think of...

    Untitled.jpg



  • 5.  RE: I need to determine the root cause for Download Insight and/or Intrusion Prevention component malfunctioning

    Posted Jun 28, 2013 08:12 AM

    Hi,

    For RCA you may need to open a support ticket and work with the support team.

    Regards

    Ajin

     



  • 6.  RE: I need to determine the root cause for Download Insight and/or Intrusion Prevention component malfunctioning

    Posted Jun 28, 2013 08:15 AM

    I will do that, thank you.