This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Exploit Prevention Status Inactive

Dear Sirs,

 

Please kindly advise related issue Exploit Prevention Status Inactive on some connected clients.

 

With thanks,



This thread was automatically locked due to age.
Parents Reply Children
  • Hello Sophoan KHIEU,

    thanks, the Exploit prevention policy column is missing from the first screenshot though. Could you please provide a screenshot with this column (and perhaps the Exploit prevention agent version as well)?

    Assuming the Alerts and errors list is complete there seems to be no download or installation issue.

    Christian

  • Dear Sir,

     

    There is no Outstanding alerts and errors on some client.

    With thanks,

    View Compuyter Detail.zip

  • Hello Sophoan KHIEU,

    thanks. Now looking at the details I see:

    Exploit prevention status Inactive
    Exploit prevention policy compliance Same as policy                   

     

     

    This looks like Exploit Prevention is disabled in the policy. Please check which EXP policy is assigned to this group (\Global Group\Computers) and whether EXP is enabled or not.

    Christian

  • Dear Sir,

     

    Thank you so  much for your immediate repose.

    All client computer is assigned in one group but only about 10 clients with Exploit Prevention status inactive.

     

    With Best regards,

  • Hello Sophoan KHIEU,

    I see 9 endpoint Inactive, two Partially disabled and the rest with no status at all. The latter suggests that EXP hasn't been installed on them. I don't yet have EXP installed so I can only guess what Partially disabled signifies - the policy has (been) changed from Enabled to Disabled and a reboot is required to completely deactivate EXP.
    Could you open the Exploit prevention policy and provide a screenshot of it? Is your EXP license active (though I assume SEC should warn you in this case)?

    Christian