I just had a warning about one station having a malware, and I sent cleaning up command via GSM. However, I wonder how I can check if the agent is really received the command, and it is going to execute the command?
Best answer by NicCrockett
I know this is late, but you can somewhat tell via the console. After you send the clean-up command go to the Logs tab >> Command tab. If the command was the last thing you did it will probably be at the top of the list on this tab. Whether it's at the top or a further down, it will probably say "Not yet received" in the Status column. Depending on how long you have your endpoints set-up to check-in with the console will depend on how long it takes this command to be run. My policies are set-up to check-in every 15 minutes, which I believe is the default. Once the endpoint checks in, the Status column will change to "Executed".
However, this doesn't mean it has completed, it only means that the endpoint received the command. Next you will want to view the endpoint's Scan History in the Group Management tab. Like the Command Logs, you'll probably have to refresh it every so often until you see a new entry that falls after the time the command was sent. It will also have a Scan Type of "Post Cleanup Scan" instead of the usual "Deep Scan".
Hope this helps someone in the future.