Thread Info
  • State Not Answered
  • Locked Locked
  • Replies 7 replies
  • Subscribers 2 subscribers
  • Views 16100 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Exploit Prevention Status Inactive

Sophoan KHIEU

Dear Sirs,

 

Please kindly advise related issue Exploit Prevention Status Inactive on some connected clients.

 

With thanks,



This thread was automatically locked due to age.
Parents
  • 0

    Hello Sophoan KHIEU,

    under the Exploit Prevention tab the Exploit prevention status is Inactive - what does the Exploit prevention policy column show? Also please open View Computer Details for (at least one of) the affected endpoints and check for Outstanding alerts and errors.

    Christian

Reply
  • 0

    Hello Sophoan KHIEU,

    under the Exploit Prevention tab the Exploit prevention status is Inactive - what does the Exploit prevention policy column show? Also please open View Computer Details for (at least one of) the affected endpoints and check for Outstanding alerts and errors.

    Christian

Children
  • 0 in reply to QC

    Dear Sir,

     

    Could you please find the screenshot for your advise.

     

    Thank you so much and all the best!

     

  • 0 in reply to Sophoan KHIEU

    Hello Sophoan KHIEU,

    thanks, the Exploit prevention policy column is missing from the first screenshot though. Could you please provide a screenshot with this column (and perhaps the Exploit prevention agent version as well)?

    Assuming the Alerts and errors list is complete there seems to be no download or installation issue.

    Christian

  • 0 in reply to Sophoan KHIEU

    Dear Sir,

     

    There is no Outstanding alerts and errors on some client.

    With thanks,

    View Compuyter Detail.zip

  • 0 in reply to Sophoan KHIEU

    Hello Sophoan KHIEU,

    thanks. Now looking at the details I see:

    Exploit prevention status Inactive
    Exploit prevention policy compliance Same as policy                   

     

     

    This looks like Exploit Prevention is disabled in the policy. Please check which EXP policy is assigned to this group (\Global Group\Computers) and whether EXP is enabled or not.

    Christian

  • 0 in reply to QC

    Dear Sir,

     

    Thank you so  much for your immediate repose.

    All client computer is assigned in one group but only about 10 clients with Exploit Prevention status inactive.

     

    With Best regards,

  • 0 in reply to Sophoan KHIEU

    Hello Sophoan KHIEU,

    I see 9 endpoint Inactive, two Partially disabled and the rest with no status at all. The latter suggests that EXP hasn't been installed on them. I don't yet have EXP installed so I can only guess what Partially disabled signifies - the policy has (been) changed from Enabled to Disabled and a reboot is required to completely deactivate EXP.
    Could you open the Exploit prevention policy and provide a screenshot of it? Is your EXP license active (though I assume SEC should warn you in this case)?

    Christian

Unfiltered HTML