Who is this article for?
CrashPlan for Small Business, no.
Code42 for Enterprise, yes.
This article applies to Cloud.
The Endpoints Not Reporting Security Events tile of the Endpoint dashboard shows you how many devices are not sending file event data to Forensic File Search. This article gives examples of what you can do to resolve endpoints that are in a warning or critical state:
- Warning: Endpoints not reporting security events for at least four days.
- Critical: Endpoints not reporting security events for at least ten days.
Why endpoints appear on this graph
An endpoint may not send security events for several reasons, including:
- The endpoint has been turned off for more than four days. Common reasons include:
  - The endpoint's owner is on vacation.
  - The endpoint is a lab or training machine that is offline or not used frequently.
  - The endpoint is no longer in use (for example, the employee left the company or received a new device).
- The Code42 app cannot establish a network connection to the Code42 cloud.
- The Code42 app is not running properly. For example:
  - A recent upgrade left the Code42 app in an inoperable state.
  - The Code42 service has been disabled on the endpoint.
- The endpoint is idle and there is no file activity to generate security events.
- Forensic File Search was just enabled in your Code42 environment. Upon first enabling Forensic File Search, you may see many devices in a warning or critical state. As Forensic File Search starts receiving events from the new endpoints, the number of endpoints in a warning or critical state will decrease.
Resolve endpoints in a warning or critical state
To resolve endpoints in your Code42 environment in a warning or critical state for not reporting events to Forensic File Search, follow the steps below.
Step 1: Export the list of endpoints
- Sign in to the administration console.
- Select Administration > Dashboards > Endpoint.
- On the Endpoints Not Reporting Security Events tile, select either Warning or Critical.
- Click any bar on the graph to open the data summary table for that day. (To ensure you export endpoints currently in a warning or critical state, click the most recent date.)
- Click Export.
A CSV file of all affected endpoints for that day is downloaded to your device. The CSV file lists the username, hostname, health status of the device, and the number of days since the last file activity was recorded.
Step 2: Troubleshoot each endpoint
- Open the CSV file downloaded in Step 1.
- Using the username and hostname columns, identify the owner of the endpoint.
- Check with the employee's manager to determine if the device is in use and expected to be online.
- If the device is still active:
- If the device is no longer in use, deactivate it in the Code42 administration console.
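One way to triage the export from Step 1 before contacting owners, as an added example that is not part of the Code42 documentation or product. The column header names and the sample rows are assumptions (constructed for illustration); the 4-day and 10-day thresholds are the ones stated in this article.

```python
import csv
import io
from collections import defaultdict

# Thresholds stated in the article: warning at 4 days, critical at 10 days.
WARNING_DAYS = 4
CRITICAL_DAYS = 10

# Assumed header names; adjust to match the header row of your export.
COL_USER, COL_HOST, COL_DAYS = "username", "hostname", "daysSinceLastActivity"

# Constructed sample rows, not real export data.
SAMPLE_CSV = """username,hostname,healthStatus,daysSinceLastActivity
alice@example.com,ALICE-LT01,WARNING,5
bob@example.com,LAB-PC-07,CRITICAL,42
alice@example.com,ALICE-OLD,CRITICAL,11
carol@example.com,CAROL-MBP,WARNING,n/a
"""

def severity(days):
    """Classify a day count using the article's thresholds."""
    if days >= CRITICAL_DAYS:
        return "critical"
    if days >= WARNING_DAYS:
        return "warning"
    return "ok"

def triage(csv_text):
    """Return ({owner: [(hostname, days, severity), ...]}, skipped_rows)."""
    by_owner = defaultdict(list)
    skipped = []
    for row in csv.DictReader(io.StringIO(csv_text)):
        try:
            days = int(row[COL_DAYS])
        except (KeyError, TypeError, ValueError):
            skipped.append(row)  # missing or non-numeric day count: review by hand
            continue
        owner = (row.get(COL_USER) or "").strip().lower()
        by_owner[owner].append(((row.get(COL_HOST) or "").strip(), days, severity(days)))
    for hosts in by_owner.values():
        hosts.sort(key=lambda h: h[1], reverse=True)  # longest-silent first
    return dict(by_owner), skipped

if __name__ == "__main__":
    owners, skipped = triage(SAMPLE_CSV)
    for owner, hosts in sorted(owners.items(), key=lambda kv: -kv[1][0][1]):
        for host, days, sev in hosts:
            print(f"{sev:8} {days:>3}d  {owner}  {host}")
    print(f"{len(skipped)} row(s) need manual review")
```

Grouping by owner lets you raise all of one person's silent endpoints with their manager in a single check, and rows with an unreadable day count are set aside rather than silently dropped.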