Solved

check agent scanning status

  • 27 August 2018
  • 2 replies
  • 324 views

Userlevel 1
Badge +10
I just had a warning about one station having a malware, and I sent cleaning up command via GSM. However, I wonder how I can check if the agent is really received the command, and it is going to execute the command?
 
Thanks.
icon

Best answer by NicCrockett 15 January 2019, 23:21

I know this is late, but you can somewhat tell via the console. After you send the clean-up command go to the Logs tab >> Command tab. If the command was the last thing you did it will probably be at the top of the list on this tab. Whether it's at the top or a further down, it will probably say "Not yet received" in the Status column. Depending on how long you have your endpoints set-up to check-in with the console will depend on how long it takes this command to be run. My policies are set-up to check-in every 15 minutes, which I believe is the default. Once the endpoint checks in, the Status column will change to "Executed".



However, this doesn't mean it has completed, it only means that the endpoint received the command. Next you will want to view the endpoint's Scan History in the Group Management tab. Like the Command Logs, you'll probably have to refresh it every so often until you see a new entry that falls after the time the command was sent. It will also have a Scan Type of "Post Cleanup Scan" instead of the usual "Deep Scan".



Hope this helps someone in the future.

Sincerely,
View original

2 replies

Userlevel 7
Badge +25
I know this is late, but you can somewhat tell via the console. After you send the clean-up command go to the Logs tab >> Command tab. If the command was the last thing you did it will probably be at the top of the list on this tab. Whether it's at the top or a further down, it will probably say "Not yet received" in the Status column. Depending on how long you have your endpoints set-up to check-in with the console will depend on how long it takes this command to be run. My policies are set-up to check-in every 15 minutes, which I believe is the default. Once the endpoint checks in, the Status column will change to "Executed".



However, this doesn't mean it has completed, it only means that the endpoint received the command. Next you will want to view the endpoint's Scan History in the Group Management tab. Like the Command Logs, you'll probably have to refresh it every so often until you see a new entry that falls after the time the command was sent. It will also have a Scan Type of "Post Cleanup Scan" instead of the usual "Deep Scan".



Hope this helps someone in the future.

Sincerely,
Userlevel 7
Badge +35
Hello @,
 
There isn't an easy way to tell if a command was executed other than scanning and seeing what status the endpoint is then in after the scan. Our support team would be happy to help walk you through this if you would like to contact them. Thanks!

Reply