This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Exploit Prevention Status Inactive

Sophoan KHIEU over 7 years ago

Dear Sirs,

Please kindly advise related issue Exploit Prevention Status Inactive on some connected clients.

With thanks,

This thread was automatically locked due to age.

Parents

0 QC over 7 years ago

Hello Sophoan KHIEU,

under the Exploit Prevention tab the Exploit prevention status is Inactive - what does the Exploit prevention policy column show? Also please open View Computer Details for (at least one of) the affected endpoints and check for Outstanding alerts and errors.

Christian
Cancel
Vote Up 0 Vote Down

Cancel
0 Sophoan KHIEU over 7 years ago in reply to QC

Dear Sir,

Could you please find the screenshot for your advise.

Thank you so much and all the best!
Cancel
Vote Up 0 Vote Down

Cancel
0 QC over 7 years ago in reply to Sophoan KHIEU

Hello Sophoan KHIEU,

thanks, the Exploit prevention policy column is missing from the first screenshot though. Could you please provide a screenshot with this column (and perhaps the Exploit prevention agent version as well)?

Assuming the Alerts and errors list is complete there seems to be no download or installation issue.

Christian
Cancel
Vote Up 0 Vote Down

Cancel
0 Sophoan KHIEU over 7 years ago in reply to Sophoan KHIEU

Dear Sir,

There is no Outstanding alerts and errors on some client.

With thanks,

View Compuyter Detail.zip
Cancel
Vote Up 0 Vote Down

Cancel
0 QC over 7 years ago in reply to Sophoan KHIEU

Hello Sophoan KHIEU,

thanks. Now looking at the details I see:

Exploit prevention status Inactive

Exploit prevention policy compliance Same as policy

This looks like Exploit Prevention is disabled in the policy. Please check which EXP policy is assigned to this group (\Global Group\Computers) and whether EXP is enabled or not.

Christian
Cancel
Vote Up 0 Vote Down

Cancel

Reply

0 QC over 7 years ago in reply to Sophoan KHIEU

Hello Sophoan KHIEU,

thanks. Now looking at the details I see:

Exploit prevention status Inactive

Exploit prevention policy compliance Same as policy

This looks like Exploit Prevention is disabled in the policy. Please check which EXP policy is assigned to this group (\Global Group\Computers) and whether EXP is enabled or not.

Christian
Cancel
Vote Up 0 Vote Down

Cancel

Children

0 Sophoan KHIEU over 7 years ago in reply to QC

Dear Sir,

Thank you so much for your immediate repose.

All client computer is assigned in one group but only about 10 clients with Exploit Prevention status inactive.

With Best regards,
Cancel
Vote Up 0 Vote Down

Cancel
0 QC over 7 years ago in reply to Sophoan KHIEU

Hello Sophoan KHIEU,

I see 9 endpoint Inactive, two Partially disabled and the rest with no status at all. The latter suggests that EXP hasn't been installed on them. I don't yet have EXP installed so I can only guess what Partially disabled signifies - the policy has (been) changed from Enabled to Disabled and a reboot is required to completely deactivate EXP.
Could you open the Exploit prevention policy and provide a screenshot of it? Is your EXP license active (though I assume SEC should warn you in this case)?

Christian
Cancel
Vote Up 0 Vote Down

Cancel

Exploit prevention status	Inactive
Exploit prevention policy compliance	Same as policy

Exploit prevention status	Inactive
Exploit prevention policy compliance	Same as policy