This article explains how to manage the EPP agents you have installed on your endpoints.
There are various actions you can take to manage the EPP agents deployed in your environment. Agents perform one action at a time. You can terminate an action at any time, and an action that is not taken within 7 days expires.
The actions you can take on an endpoint are:
- Full System Scan (for more information, see Configuring Endpoint Protection)
- Unlock Anti-Tamper
- Uninstall Agent
- Restore from quarantine
Note: Upload logs and Reinstall Drivers can only be triggered by a Cato representative, pending admin approval.
Cato's EPP has Anti-Tampering protection enabled by default. This protects the processes, files, services, and registries used by the EPP solution from malicious modifications or kill attempts. This also protects against unintentional end-user actions that might compromise security.
You can temporarily unlock the Anti-Tampering protection for 15 minutes, for example, if you need to uninstall the solution. After this time, or if the endpoint is rebooted, Anti-Tampering protection is re-enabled.
If EPP is no longer required on an endpoint, it can be uninstalled and, if necessary, deleted from your account. After the solution is uninstalled, the EPP engines cannot scan for malicious activity and no Events are reported. The endpoint remains on the Protected Endpoint table until it is deleted.
You can uninstall EPP from an endpoint and delete the endpoint from your account in a single action.
Note: Supported from EPP Agent v1.1. If you try to delete and uninstall EPP Agent v1.0, no action is taken until the Agent is upgraded to v1.1.
To uninstall and delete an endpoint:
- From the navigation menu, click Monitoring > Protected Endpoints.
  The Protected Endpoints screen is displayed.
- Click the three dots on the endpoint that you are deleting.
- Click Remove Endpoint.
  The Remove Endpoint dialog box is displayed.
- Click Remove Endpoint & Uninstall Agent.
  EPP is uninstalled from the endpoint and the endpoint is deleted from your account.
You can uninstall EPP on an endpoint so that the EPP engines cannot scan for malicious activity and no Events are reported. Until the endpoint is deleted, it is visible on the Protected Endpoint table.
To uninstall an endpoint:
- From the navigation menu, click Monitoring > Protected Endpoints.
  The Protected Endpoints screen is displayed.
- Click the three dots on the endpoint that you are uninstalling.
- Click Uninstall Agent.
  The Uninstall Agent dialog box is displayed.
- Click Uninstall Agent.
  EPP is uninstalled from the endpoint.
If EPP is no longer installed on an endpoint, the endpoint can be deleted from the Protected Endpoint table.
Note: Do not delete an endpoint from the Protected Endpoint table before EPP has been uninstalled.
To delete an endpoint:
- From the navigation menu, click Monitoring > Protected Endpoints.
  The Protected Endpoints screen is displayed.
- Click the three dots on the endpoint that you are deleting.
- Click Remove Endpoint.
  The Remove Endpoint dialog box is displayed.
- Click Remove Endpoint.
  The endpoint is deleted from the Protected Endpoints screen.
After an action is created, you can terminate it at any time.
You can view the near real-time status and history of actions sent to the EPP agent. The EPP agent sends an update on the status of an action it has received every 30 seconds.
Note: Actions can be reviewed from agent version 1.2 and higher.
To review endpoint actions:
- From the navigation menu, click Monitoring > Protected Endpoints.
- Click the Actions History tab.
The following table describes the Actions History table.
Column | Explanation |
---|---|
Action ID | Unique reference of the action. |
Endpoint ID | Unique ID of the EPP agent. |
Created On | Time stamp of when the action was created. |
Endpoint Name | Computer name of the endpoint. |
Action | Action taken on the endpoint. |
Status | The near real-time status of the action. Possible statuses are: |
Details | Additional information about the action. |
Last Update Time | Time stamp of the last time an update on the action was received. |
Created By | The admin that created the action. |
Endpoint Status | The status of the endpoint. |