Skip to main content

Who is this article for?

Incydr Professional, Enterprise, Horizon, and Gov F2
Incydr Basic, Advanced, and Gov F1

Find your product plan in the Code42 console on the Account menu.

Instructor, no.

Incydr Professional, Enterprise, Horizon, and Gov F2, no.

Incydr Basic, Advanced, and Gov F1, yes.

Code42 Support

Resolve endpoints that are not reporting security events


The Endpoints not reporting security events tile of the Endpoint dashboard shows you how many devices are not sending file event data to Code42. This article gives examples of what you can do to resolve endpoints that are in a warning or critical state:

  • Warning: Endpoints not reporting security events for at least 4 days.
  • Critical: Endpoints not reporting security events for at least 10 days.

Endpoints not reporting security events


Why endpoints appear on this graph

An endpoint may not send security events for several reasons, including:

  • The endpoint has been turned off for more than 4 days. Common reasons include:
    • The endpoint's owner is on vacation.
    • The endpoint is a lab or training machine that is offline or not used frequently.
    • The endpoint is no longer in use (for example, the employee left the company or received a new device).
  • The Code42 app cannot establish a network connection to the Code42 cloud.
  • The Code42 app is not running properly. For example:
    • A recent upgrade left the Code42 app in an inoperable state.
    • The Code42 service has been disabled on the endpoint.
  • The endpoint is idle and there is no file activity to generate security events.
  • File Metadata Collection was just enabled in your Code42 environment. Upon first enabling File Metadata Collection, you may see many devices in a warning or critical state. As Code42 starts receiving events from the new endpoints, the number of endpoints in a warning or critical state will decrease.

Resolve endpoints in a warning or critical state

To resolve endpoints in your Code42 environment in a warning or critical state for not reporting events to Code42, follow the steps below.

Step 1: Export the list of endpoints

  1. Sign in to the Code42 console
  2. Select Administration > Status > Endpoint Dashboard.
  3. On the Endpoints not reporting security events tile, select either Warning or Critical
  4. Click any bar on the graph to open the data summary table for that day. (To ensure you export endpoints currently in a warning or critical state, click the most recent date.)
  5. Click Export.
    A CSV file of all affected endpoints for that day is downloaded to your device. The CSV file lists the username, hostname, health status of the device, and the number of days since the last file activity was recorded.

Step 2: Troubleshoot each endpoint

  1. Open the CSV file downloaded in Step 1.
  2. Using the username and hostname columns, identify the owner of the endpoint.
  3. Check with the employee's manager to determine if the device is in use and expected to be online.
    • If the device is still active:
      • Test the network connection on each endpoint to ensure it can connect to the Code42 cloud.
      • Check the status of the Code42 app via your device management tool (such as SCCM or Jamf) to verify the Code42 service is enabled.
    • If the device is no longer in use, deactivate it in the Code42 console.

Step 3: Contact Support

If the troubleshooting steps above do not resolve the issue for an endpoint:

  1. Collect the logs from the Code42 app. 
  2. Contact our Technical Support Engineers
  • Was this article helpful?