Forum Discussion
Endpoint Protection not installed on non-Azure servers
Please search the Log Analytics workspace to which the machine is connected for the ProtectionStatus logs.
A query to target your computer looks like:
ProtectionStatus
| where Computer has "<your computer name>"
Check the ProtectionStatusRank. Anything other than 150 indicates an unhealthy state.
If no logs are returned, then it might be a computer-to-workspace connection issue; check the 'Heartbeat' in the same query window.
Eli The query that shows that the endpoint is not installed is as below:
*Removed data that is specific to our environment.
| ProtectionStatusRank | 450 |
| ProtectionStatus | Not Reporting |
| ProtectionStatusDetails | Not reporting - Unable to collect data |
| SignatureVersion | Unknown |
| TypeofProtection | Malicious Software Removal Tool |
| ComputerEnvironment | Non-Azure |
| Type | ProtectionStatus |
- Eli, Jun 14, 2020
Microsoft
Not Reporting means just that. How is the Heartbeat?
- Ambarish Haridathan, Jun 14, 2020
Copper Contributor
Eli I don't have much expertise on the query part, but found the query
Heartbeat
| where TimeGenerated > ago(1h)
I could see that the server in question is showing up on this list from the query.
Is there anything in specific I should be looking at?
- Eli, Jun 15, 2020
Microsoft
Ambarish Haridathan log existence by itself is not enough, you need to see that it is current (at least once a day).
Please check this out for better troubleshooting:
https://docs.microsoft.com/en-us/azure/azure-monitor/platform/agent-windows-troubleshoot
If further help is still required and you have a Microsoft Support SR#, please send it over so I can investigate further internally; otherwise please create one and give my name (Eli Sagie) as a reference.
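
The two checks discussed in this thread (whether the Heartbeat is current, and what the latest ProtectionStatus record reports) can be combined into one query. This is an added example, not part of any post above; it uses only the tables and columns named in the thread, keeps the thread's "<your computer name>" placeholder, and assumes "current" means a heartbeat within the last day.

```kusto
// Added example (not from the thread). Replace the placeholder with the machine name.
let target = "<your computer name>";
// Most recent heartbeat per computer: existence alone is not enough, it must be recent.
let lastHeartbeat = Heartbeat
    | where Computer has target
    | summarize LastHeartbeat = max(TimeGenerated) by Computer;
// Most recent ProtectionStatus record per computer, with the fields shown in the thread.
let lastProtection = ProtectionStatus
    | where Computer has target
    | summarize arg_max(TimeGenerated, ProtectionStatusRank, ProtectionStatus,
                        ProtectionStatusDetails, TypeofProtection) by Computer
    | project-rename LastProtectionRecord = TimeGenerated;
lastHeartbeat
| join kind=leftouter lastProtection on Computer
// Assumption: "current" = at least one heartbeat in the last day.
| extend HeartbeatCurrent = LastHeartbeat > ago(1d)
// Per the thread, any rank other than 150 indicates an unhealthy state.
| extend ProtectionHealthy = ProtectionStatusRank == 150
| project Computer, LastHeartbeat, HeartbeatCurrent, LastProtectionRecord,
          ProtectionStatusRank, ProtectionHealthy, ProtectionStatus,
          ProtectionStatusDetails, TypeofProtection
```

An empty result means no Heartbeat rows exist for the machine in the selected time range, which points to the workspace connection rather than to endpoint protection; empty protection columns next to a current heartbeat mean the agent is connected but no ProtectionStatus data has arrived.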