Endpoint Detection and Response (EDR) endpoint is displaying the needs attention indicator . Click the indicator to see the message. If you receive the following error message:
"The Endpoint Detection and Response plugin on this endpoint didn’t start correctly. This needs your immediate attention, as files cannot be cleaned and no events can be logged."
Then the Endpoint Agent did not properly startup or the local database is corrupted.
To resolve this issue, do the following:
- Reboot the endpoint. If this does not resolve the issue, proceed with the next steps.
- Remove the EDR plugin by disabling the EDR policy settings for the affected endpoint.
- On the left-navigation menu, go to Configure > Policies.
- Click on the policy assigned to the affected endpoint.
- On the left, click Endpoint Detection and Response.
- Uncheck the following options:
- Suspicious activity monitoring
- Ransomware Rollback
- Enable endpoint isolation to allow locking/unlocking of endpoints
- Active Response Shell
- Click Save.
- Wait 5 minutes to allow the plugin to be completely unloaded.
- Reinstall the EDR plugin by re-enabling the EDR policy settings.
- On the left-navigation menu, go to Configure > Policies.
- Click on the policy assigned to the affected endpoint.
- On the left, click Endpoint Detection and Response.
- Re-check the options that were previously disabled.
- Click Save.
- Wait to see if the error message still persists.
If additional assistance is required, contact Support.