Hello,
we have noticed a strange issue with Security Heartbeat. Devices often only gain access to the network several minutes after booting. The Heartbeat.log on the endpoint says that the connection initially failed. The heartbeatd.log on the firewall does not contain any recent entries.
Heartbeat.log
2023-02-23T09:36:02.846Z [17344: 8016] A Connection failed. 2023-02-23T09:40:54.412Z [17344: 8016] A Connection succeeded. 2023-02-23T09:40:54.413Z [17344: 8016] A Connected to '81d5633d-0d85-4824-98e4-858c87c7a273' at IP address 52.5.76.173 on port 8347 2023-02-23T09:40:54.413Z [17344: 8016] A Sending network status 2023-02-23T09:40:54.413Z [17344: 8016] A The network status has changed, the Firewall may disconnect. 2023-02-23T09:40:54.415Z [17344: 8016] A Received request to enable enhanced application control 2023-02-23T09:40:54.415Z [17344: 8016] A Sending endpoint state list request 2023-02-23T09:40:54.416Z [17344: 8016] A Sending login status. 2023-02-23T09:40:54.416Z [17344: 8016] A User: USERNAME 2023-02-23T09:40:54.416Z [17344: 8016] A Sending health status: admin=1 health=1 service=1 threat=1 threatService=1 2023-02-23T09:40:54.417Z [17344: 8016] A Received response to endpoint state list request, size: 1 2023-02-23T09:42:00.950Z [17344: 8016] A Received request to disable enhanced application control for C:\program files (x86)\microsoft\edge\application\msedge.exe
heartbeatd.log (there are no newer entries)
[2021-11-30 15:00:20.057] INFO HBSession.cpp[6743]:502 logNewSession - New Session: [172.16.12.74]:8387 connected [2021-11-30 15:00:20.103] INFO EndpointStorage.cpp[6743]:114 endpoint_connectivity_cb - Connectivity changed for <c25ece7d-a04e-4005-820c-b1a12624518e>: <5> -> <1> [2021-11-30 15:00:20.103] INFO ModuleSacFirst.cpp[6743]:95 sendEacMessage - send EacSwitchRequest to endpoint (IP=172.16.12.74) [2021-11-30 15:00:20.106] INFO EpStateListBroker.cpp[6743]:56 markEndpointForUpdates - Endpoint marked for receiving Stonewall updates: c25ece7d-a04e-4005-820c-b1a12624518e(172.16.12.74) [2021-11-30 15:00:23.823] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System [2021-11-30 15:00:29.925] INFO ModuleStatus.cpp[6743]:138 processMessageStatus - Status request received from endpoint: c25ece7d-a04e-4005-820c-b1a12624518e (172.16.12.74) health: 1 [2021-11-30 15:01:00.359] INFO SacProcessor.cpp[6743]:64 discardApp - Sent switchOffConnectionInfo request to endpoint: <c25ece7d-a04e-4005-820c-b1a12624518e>, Application path :C:\134program files (x86)\134microsoft\134edge\134application\134msedge.exe [2021-11-30 15:01:24.061] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System [2021-11-30 15:01:27.699] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System [2021-11-30 15:07:22.260] INFO GarnerEventReader.cpp[6743]:129 acceptConnectionHandler - Garner plugin connected. Ready to receive garner events. [2021-11-30 15:09:04.494] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System [2021-11-30 15:13:16.599] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System [2021-11-30 15:13:44.482] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System [2021-11-30 15:15:17.622] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System [2021-11-30 15:15:24.041] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System [2021-11-30 15:16:27.738] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System [2021-11-30 15:21:25.037] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System [2021-11-30 15:26:04.897] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System [2021-11-30 15:28:16.624] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System [2021-11-30 15:30:17.652] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System [2021-11-30 15:30:24.252] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System [2021-11-30 15:31:27.788] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System [2021-11-30 15:33:45.548] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System [2021-11-30 15:38:25.333] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System [2021-11-30 15:43:16.648] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System [2021-11-30 15:45:17.685] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System [2021-11-30 15:45:24.498] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System [2021-11-30 15:46:06.073] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System [2021-11-30 15:46:27.828] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System [2021-11-30 15:50:45.751] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System [2021-11-30 15:52:23.285] INFO GarnerEventReader.cpp[6743]:129 acceptConnectionHandler - Garner plugin connected. Ready to receive garner events. [2021-11-30 15:58:16.722] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System [2021-11-30 15:58:26.637] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System [2021-11-30 16:00:17.719] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System [2021-11-30 16:00:24.741] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System [2021-11-30 16:01:27.860] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System [2021-11-30 16:03:06.144] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System [2021-11-30 16:10:22.523] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System [2021-11-30 16:10:47.203] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System [2021-11-30 16:13:16.701] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System [2021-11-30 16:15:17.752] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System [2021-11-30 16:15:24.960] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System [2021-11-30 16:15:26.535] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System [2021-11-30 16:16:27.904] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System [2021-11-30 16:18:41.526] INFO SacProcessor.cpp[6743]:64 discardApp - Sent switchOffConnectionInfo request to endpoint: <e97fa787-de12-4693-86dc-6fdbf77e051c>, Application path :C:\134program files (x86)\134microsoft\134edgeupdate\134microsoftedgeupdate.exe [2021-11-30 16:20:54.552] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System [2021-11-30 16:23:07.807] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System [2021-11-30 16:25:42.408] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System [2021-11-30 16:27:46.955] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System [2021-11-30 16:28:16.725] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System [2021-11-30 16:29:45.841] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System [2021-11-30 16:30:17.778] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System [2021-11-30 16:30:25.179] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System [2021-11-30 16:31:27.940] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System [2021-11-30 16:32:08.488] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System [2021-11-30 16:34:20.903] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System [2021-11-30 16:35:28.345] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System [2021-11-30 16:37:25.183] INFO GarnerEventReader.cpp[6743]:129 acceptConnectionHandler - Garner plugin connected. Ready to receive garner events. [2021-11-30 16:40:07.373] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System [2021-11-30 16:41:06.825] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System [2021-11-30 16:43:16.741] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System [2021-11-30 16:45:17.808] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System [2021-11-30 16:45:25.411] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System [2021-11-30 16:46:27.977] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System [2021-11-30 16:47:48.809] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System [2021-11-30 16:52:27.788] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System [2021-11-30 16:58:16.761] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System [2021-11-30 17:00:06.391] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System [2021-11-30 17:00:09.333] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System [2021-11-30 17:00:17.846] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System [2021-11-30 17:00:25.617] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System [2021-11-30 17:00:44.444] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System [2021-11-30 17:01:14.856] INFO EndpointStorage.cpp[6743]:114 endpoint_connectivity_cb - Connectivity changed for <56a453ce-bbef-4fab-b721-d8435c1ef48b>: <1> -> <3> [2021-11-30 17:01:44.448] INFO EndpointStorage.cpp[6743]:114 endpoint_connectivity_cb - Connectivity changed for <c25ece7d-a04e-4005-820c-b1a12624518e>: <1> -> <3> [2021-11-30 17:04:48.263] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System[2021-11-30 17:04:48.263] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
How to fix this problem?
Best regards
Gerhard
This thread was automatically locked due to age.
