Skip to main content

Who is this article for?

Incydr
Code42 for Enterprise
CrashPlan for Enterprise
CrashPlan for Small Business

Incydr, yes.

CrashPlan for Enterprise, no.

Code42 for Enterprise, yes.

CrashPlan for Small Business, no.

This article applies to Code42 cloud environments.

HOME
GETTING STARTED
RELEASE NOTES
FAQs
APIs
SYSTEM STATUS
Code42 Support

Resolve endpoints that are not reporting security events

Who is this article for?

Incydr
Code42 for Enterprise
CrashPlan for Enterprise
CrashPlan for Small Business

Incydr, yes.

CrashPlan for Enterprise, no.

Code42 for Enterprise, yes.

CrashPlan for Small Business, no.

This article applies to Code42 cloud environments.

Overview

The Endpoints Not Reporting Security Events tile of the Endpoint dashboard shows you how many devices are not sending file event data to Code42. This article gives examples of what you can do to resolve endpoints that are in a warning or critical state:

  • Warning: Endpoints not reporting security events for at least 4 days.
  • Critical: Endpoints not reporting security events for at least 10 days.

Endpoints Not Reporting Security Events

Considerations

  • To resolve endpoints that are not reporting security events, you must have roles that provide the necessary permissions. We recommend you use the roles in our use case for managing a security application integrated with Code42
  • This functionality is available only when supported by your product plan. Contact your Customer Success Manager (CSM) for assistance with licensing, or to upgrade to the Incydr Advanced product plan for a free trial​​​. If you don't know who your CSM is, email csmsupport@code42.com

Why endpoints appear on this graph

An endpoint may not send security events for several reasons, including:

  • The endpoint has been turned off for more than 4 days. Common reasons include:
    • The endpoint's owner is on vacation.
    • The endpoint is a lab or training machine that is offline or not used frequently.
    • The endpoint is no longer in use (for example, the employee left the company or received a new device).
  • The Code42 app cannot establish a network connection to the Code42 cloud.
  • The Code42 app is not running properly. For example:
    • A recent upgrade left the Code42 app in an inoperable state.
    • The Code42 service has been disabled on the endpoint.
  • The endpoint is idle and there is no file activity to generate security events.
  • File Metadata Collection was just enabled in your Code42 environment. Upon first enabling File Metadata Collection, you may see many devices in a warning or critical state. As Code42 starts receiving events from the new endpoints, the number of endpoints in a warning or critical state will decrease.

Resolve endpoints in a warning or critical state

To resolve endpoints in your Code42 environment in a warning or critical state for not reporting events to Code42, follow the steps below.

Step 1: Export the list of endpoints

  1. Sign in to the Code42 console
  2. Select Administration > Dashboards > Endpoint.
  3. On the Endpoints Not Reporting Security Events tile, select either Warning or Critical
  4. Click any bar on the graph to open the data summary table for that day. (To ensure you export endpoints currently in a warning or critical state, click the most recent date.)
  5. Click Export.
    A CSV file of all affected endpoints for that day is downloaded to your device. The CSV file lists the username, hostname, health status of the device, and the number of days since the last file activity was recorded.

Step 2: Troubleshoot each endpoint

  1. Open the CSV file downloaded in Step 1.
  2. Using the username and hostname columns, identify the owner of the endpoint.
  3. Check with the employee's manager to determine if the device is in use and expected to be online.
    • If the device is still active:
      • Test the network connection on each endpoint to ensure it can connect to the Code42 cloud.
      • Check the status of the Code42 app via your device management tool (such as SCCM or Jamf) to verify the Code42 service is enabled.
    • If the device is no longer in use, deactivate it in the Code42 console.

Step 3: Contact Support

If the troubleshooting steps above do not resolve the issue for an endpoint:

  1. Collect the logs from the Code42 app. 
  2. Contact our Customer Champions for support
  • Was this article helpful?