Strange issue with Security Heartbeat

Question

Hello,

we have noticed a strange issue with Security Heartbeat. Devices often only gain access to the network several minutes after booting. The Heartbeat.log on the endpoint says that the connection initially failed. The heartbeatd.log on the firewall does not contain any recent entries.

Heartbeat.log

2023-02-23T09:36:02.846Z [17344: 8016] A Connection failed.
2023-02-23T09:40:54.412Z [17344: 8016] A Connection succeeded.
2023-02-23T09:40:54.413Z [17344: 8016] A Connected to '81d5633d-0d85-4824-98e4-858c87c7a273' at IP address 52.5.76.173 on port 8347
2023-02-23T09:40:54.413Z [17344: 8016] A Sending network status
2023-02-23T09:40:54.413Z [17344: 8016] A The network status has changed, the Firewall may disconnect.
2023-02-23T09:40:54.415Z [17344: 8016] A Received request to enable enhanced application control
2023-02-23T09:40:54.415Z [17344: 8016] A Sending endpoint state list request
2023-02-23T09:40:54.416Z [17344: 8016] A Sending login status.
2023-02-23T09:40:54.416Z [17344: 8016] A User: USERNAME
2023-02-23T09:40:54.416Z [17344: 8016] A Sending health status: admin=1 health=1 service=1 threat=1 threatService=1
2023-02-23T09:40:54.417Z [17344: 8016] A Received response to endpoint state list request, size: 1
2023-02-23T09:42:00.950Z [17344: 8016] A Received request to disable enhanced application control for C:\program files (x86)\microsoft\edge\application\msedge.exe

heartbeatd.log (there are no newer entries)

[2021-11-30 15:00:20.057] INFO HBSession.cpp[6743]:502 logNewSession - New Session: [172.16.12.74]:8387 connected
[2021-11-30 15:00:20.103] INFO EndpointStorage.cpp[6743]:114 endpoint_connectivity_cb - Connectivity changed for <c25ece7d-a04e-4005-820c-b1a12624518e>: <5> -> <1>
[2021-11-30 15:00:20.103] INFO ModuleSacFirst.cpp[6743]:95 sendEacMessage - send EacSwitchRequest to endpoint (IP=172.16.12.74)
[2021-11-30 15:00:20.106] INFO EpStateListBroker.cpp[6743]:56 markEndpointForUpdates - Endpoint marked for receiving Stonewall updates: c25ece7d-a04e-4005-820c-b1a12624518e(172.16.12.74)
[2021-11-30 15:00:23.823] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 15:00:29.925] INFO ModuleStatus.cpp[6743]:138 processMessageStatus - Status request received from endpoint: c25ece7d-a04e-4005-820c-b1a12624518e (172.16.12.74) health: 1
[2021-11-30 15:01:00.359] INFO SacProcessor.cpp[6743]:64 discardApp - Sent switchOffConnectionInfo request to endpoint: <c25ece7d-a04e-4005-820c-b1a12624518e>, Application path :C:\134program files (x86)\134microsoft\134edge\134application\134msedge.exe
[2021-11-30 15:01:24.061] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 15:01:27.699] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 15:07:22.260] INFO GarnerEventReader.cpp[6743]:129 acceptConnectionHandler - Garner plugin connected. Ready to receive garner events.
[2021-11-30 15:09:04.494] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 15:13:16.599] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 15:13:44.482] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 15:15:17.622] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 15:15:24.041] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 15:16:27.738] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 15:21:25.037] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 15:26:04.897] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 15:28:16.624] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 15:30:17.652] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 15:30:24.252] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 15:31:27.788] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 15:33:45.548] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 15:38:25.333] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 15:43:16.648] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 15:45:17.685] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 15:45:24.498] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 15:46:06.073] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 15:46:27.828] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 15:50:45.751] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 15:52:23.285] INFO GarnerEventReader.cpp[6743]:129 acceptConnectionHandler - Garner plugin connected. Ready to receive garner events.
[2021-11-30 15:58:16.722] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 15:58:26.637] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 16:00:17.719] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 16:00:24.741] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 16:01:27.860] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 16:03:06.144] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 16:10:22.523] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 16:10:47.203] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 16:13:16.701] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 16:15:17.752] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 16:15:24.960] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 16:15:26.535] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 16:16:27.904] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 16:18:41.526] INFO SacProcessor.cpp[6743]:64 discardApp - Sent switchOffConnectionInfo request to endpoint: <e97fa787-de12-4693-86dc-6fdbf77e051c>, Application path :C:\134program files (x86)\134microsoft\134edgeupdate\134microsoftedgeupdate.exe
[2021-11-30 16:20:54.552] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 16:23:07.807] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 16:25:42.408] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 16:27:46.955] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 16:28:16.725] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 16:29:45.841] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 16:30:17.778] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 16:30:25.179] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 16:31:27.940] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 16:32:08.488] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 16:34:20.903] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 16:35:28.345] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 16:37:25.183] INFO GarnerEventReader.cpp[6743]:129 acceptConnectionHandler - Garner plugin connected. Ready to receive garner events.
[2021-11-30 16:40:07.373] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 16:41:06.825] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 16:43:16.741] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 16:45:17.808] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 16:45:25.411] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 16:46:27.977] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 16:47:48.809] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 16:52:27.788] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 16:58:16.761] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 17:00:06.391] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 17:00:09.333] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 17:00:17.846] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 17:00:25.617] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 17:00:44.444] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System
[2021-11-30 17:01:14.856] INFO EndpointStorage.cpp[6743]:114 endpoint_connectivity_cb - Connectivity changed for <56a453ce-bbef-4fab-b721-d8435c1ef48b>: <1> -> <3>
[2021-11-30 17:01:44.448] INFO EndpointStorage.cpp[6743]:114 endpoint_connectivity_cb - Connectivity changed for <c25ece7d-a04e-4005-820c-b1a12624518e>: <1> -> <3>
[2021-11-30 17:04:48.263] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System[2021-11-30 17:04:48.263] WARN Path.cpp[6743]:68 getExecutableFilename - Parsing executable filename failed. Falling back to full path: System

How to fix this problem?

Best regards

Gerhard

This thread was automatically locked due to age.

Strange issue with Security Heartbeat

Top Replies