Hello,
As long as the Agent is running and has a current set of policies, we will still detect any violations when the computer is off the corporate network. The incidents are stored locally, and when it re-connects to the corporate network, the incidents will be transmitted to the Endpoint Server for processing. If the user is using a channel that you are not monitoring, the incidents will not be detected. For example, if your user was using https and you did not have https checked in your agent configuration.
I hope this helps.
Best,
Ryan