Troubleshooting EDR Agents

Modified on Tue, 26 Aug, 2025 at 3:16 PM

Field guide for support and admins.


Install/Upgrade Failures and Common Error Codes


Installation Issues

• Error 1603: fatal error during MSI installation (generic; the verbose MSI log holds the real cause)

• Error 1722: problem with the Windows Installer package, typically a custom action that did not finish

• Error 2: the system cannot find the file specified (wrong package or dependency path)

• Error 5: access denied during installation (installer not elevated, or permissions on the target path)

• Error 1920: service failed to start (insufficient privileges, or a previous install's service still registered)


Upgrade Failures

• Version mismatch errors

• Configuration file corruption

• Service dependency issues

• Registry key conflicts

• File permission problems


Common Resolution Steps

• Run installer as administrator

• Disable antivirus temporarily

• Clean previous installation remnants

• Verify system requirements

• Check available disk space
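
The resolution steps above, scripted as an added example (not part of this article): a pre-flight check covering elevation, package path, disk space, leftover services and the Windows Installer service, a silent install with a verbose MSI log, and a triage pass that pulls the exit code and the failing action out of that log. The MSI path, the legacy service names, the log path and the 2 GB threshold are placeholders and assumptions.

```powershell
# Added example, not from the article: pre-flight checks for an EDR agent install or upgrade,
# then a silent install with a verbose MSI log and a triage pass over that log.
# The MSI path, the legacy service names and the log path are placeholders supplied by the caller.

function Test-InstallPreflight {
    param(
        [Parameter(Mandatory)] [string]$MsiPath,
        [string[]]$LegacyServiceNames = @(),   # services a previous install may have left behind
        [int]$MinFreeGB = 2                    # threshold is an assumption; use the vendor's figure
    )
    $findings = @()

    # "Run installer as administrator": an unelevated token ends in error 5 (access denied)
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    if (-not $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
        $findings += 'Session is not elevated (expect error 5)'
    }

    # Error 2 (file not found) is usually a wrong package path, so check it before msiexec does
    if (-not (Test-Path -LiteralPath $MsiPath)) { $findings += "MSI not found: $MsiPath (expect error 2)" }

    # "Check available disk space" on the system drive
    $drive  = Get-PSDrive -Name $env:SystemDrive.TrimEnd(':')
    $freeGB = [math]::Round($drive.Free / 1GB, 1)
    if ($freeGB -lt $MinFreeGB) { $findings += "Only $freeGB GB free on $env:SystemDrive" }

    # "Clean previous installation remnants": a leftover service makes the new one fail with 1920
    foreach ($name in $LegacyServiceNames) {
        $svc = Get-Service -Name $name -ErrorAction SilentlyContinue
        if ($svc) { $findings += "Old service '$name' still registered (status $($svc.Status))" }
    }

    # Nothing installs while Windows Installer itself is missing or disabled
    $msi = Get-Service -Name msiserver -ErrorAction SilentlyContinue
    if (-not $msi -or $msi.StartType -eq 'Disabled') { $findings += 'Windows Installer service (msiserver) unavailable' }

    [pscustomobject]@{ Ready = ($findings.Count -eq 0); Findings = $findings }
}

function Install-AgentMsi {
    # Silent install with a verbose log: a failure then leaves the evidence support will ask for
    param([Parameter(Mandatory)] [string]$MsiPath,
          [string]$LogPath = "$env:TEMP\edr-agent-install.log")
    $argList = @('/i', "`"$MsiPath`"", '/qn', '/l*v', "`"$LogPath`"")
    $proc = Start-Process -FilePath msiexec.exe -ArgumentList $argList -Wait -PassThru
    [pscustomobject]@{ ExitCode = $proc.ExitCode; LogPath = $LogPath }
}

function Get-MsiLogFailures {
    # msiexec writes "MainEngineThread is returning <code>" at the end of a verbose log and marks
    # the action that failed with "Return value 3"; the lines just above that name the culprit.
    param([Parameter(Mandatory)] [string]$LogPath)
    $meaning = @{ 1603 = 'Fatal error during installation'; 1722 = 'Custom action in the package failed';
                  2 = 'File not found'; 5 = 'Access denied'; 1920 = 'Service failed to start' }
    $lines = Get-Content -LiteralPath $LogPath
    $failedActions = for ($i = 0; $i -lt $lines.Count; $i++) {
        if ($lines[$i] -match 'Return value 3\.?\s*$') {
            $lines[[math]::Max(0, $i - 4)..$i] -join "`n"
        }
    }
    $m = $lines | Select-String -Pattern 'MainEngineThread is returning (\d+)' | Select-Object -Last 1
    $code = if ($m) { [int]$m.Matches[0].Groups[1].Value } else { $null }
    [pscustomobject]@{
        ExitCode      = $code
        Meaning       = if ($null -ne $code -and $meaning.ContainsKey($code)) { $meaning[$code] } else { 'see log' }
        FailedActions = @($failedActions)
    }
}

# Usage (paths and the legacy service name are placeholders)
$pre = Test-InstallPreflight -MsiPath 'C:\Temp\agent.msi' -LegacyServiceNames 'OldAgentSvc'
if ($pre.Ready) {
    $run = Install-AgentMsi -MsiPath 'C:\Temp\agent.msi'
    if ($run.ExitCode -ne 0) { Get-MsiLogFailures -LogPath $run.LogPath }
} else { $pre.Findings }
```

The verbose log is worth keeping even on success: when an upgrade later fails, the previous log shows which custom actions and services the package touches.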


Agent Health Checks and Logs


CrowdStrike Falcon

• Service status: sc query csagent

• Agent info: sc query csfalconservice

• Log location: C:\Windows\System32\drivers\CrowdStrike

• Health check: falconctl.exe -g --cid

• Connectivity test: falconctl.exe -g --aid (the agent ID is only assigned once the sensor has registered with the cloud, so an empty AID means it never connected)


SentinelOne

• Service status: sc query sentinelagent

• Agent status: sentinelctl status

• Log location: C:\Program Files\SentinelOne\Sentinel Agent\logs

• Configuration check: sentinelctl config

• Policy refresh: sentinelctl policy refresh


Microsoft Defender

• Service status: sc query windefend

• ATP service: sc query sense

• Log location: Windows Event Logs

• Onboarding status: reg query "HKLM\SOFTWARE\Microsoft\Windows Advanced Threat Protection" (the path contains spaces, so it must be quoted)

• Configuration: Get-MpPreference


Carbon Black

• Service status: sc query carbonblack

• Agent info: C:\Program Files\Confer\repcli.exe status

• Log location: C:\Windows\CarbonBlack

• Connectivity: repcli.exe checkin

• Policy sync: repcli.exe sync
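
A single health report that runs the per-vendor checks above, added here as an example and not taken from the article or any vendor: it queries the service names listed in this section, reads the Defender for Endpoint onboarding flag, pulls recent errors from the Defender and SENSE event channels, and checks whether an agent's log directory is still being written to. The Status subkey and OnboardingState value are the ones Microsoft documents for onboarding; the 60-minute freshness threshold is an assumption.

```powershell
# Added example, not from the article: one health report across the four agents listed above.
# Service names and log paths are the ones in the article; thresholds are assumptions.

$Agents = @(
    @{ Name = 'CrowdStrike Falcon'; Services = @('csagent', 'csfalconservice') },
    @{ Name = 'SentinelOne';        Services = @('sentinelagent') },
    @{ Name = 'Microsoft Defender'; Services = @('windefend', 'sense') },
    @{ Name = 'Carbon Black';       Services = @('carbonblack') }
)

function Get-EdrServiceState {
    # One row per vendor service; a missing service is reported rather than thrown
    foreach ($agent in $Agents) {
        foreach ($svcName in $agent.Services) {
            $svc = Get-Service -Name $svcName -ErrorAction SilentlyContinue
            [pscustomobject]@{
                Agent     = $agent.Name
                Service   = $svcName
                Installed = [bool]$svc
                Status    = if ($svc) { $svc.Status.ToString() } else { 'NotInstalled' }
                StartType = if ($svc) { $svc.StartType.ToString() } else { '' }
            }
        }
    }
}

function Get-DefenderOnboardingState {
    # MDE sets OnboardingState = 1 under ...\Windows Advanced Threat Protection\Status once onboarded
    $key   = 'HKLM:\SOFTWARE\Microsoft\Windows Advanced Threat Protection\Status'
    $props = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    [pscustomobject]@{
        KeyPresent      = [bool]$props
        OnboardingState = if ($props) { $props.OnboardingState } else { $null }
        Onboarded       = [bool]($props -and $props.OnboardingState -eq 1)
    }
}

function Get-RecentAgentErrors {
    # Defender and the SENSE (MDE) service log to their own channels; pull the latest errors/warnings
    param([int]$MaxEvents = 20)
    $logs = @('Microsoft-Windows-Windows Defender/Operational', 'Microsoft-Windows-SENSE/Operational')
    foreach ($log in $logs) {
        Get-WinEvent -FilterHashtable @{ LogName = $log; Level = @(2, 3) } -MaxEvents $MaxEvents -ErrorAction SilentlyContinue |
            Select-Object TimeCreated, LogName, Id, @{ n = 'Message'; e = { ($_.Message -split "`n")[0] } }
    }
}

function Test-AgentLogFreshness {
    # A log directory whose newest file is hours old often means a stalled agent even when the service is Running
    param([Parameter(Mandatory)] [string]$Path, [int]$MaxAgeMinutes = 60)   # threshold is an assumption
    if (-not (Test-Path -LiteralPath $Path)) {
        return [pscustomobject]@{ Path = $Path; Exists = $false; NewestFile = $null; AgeMinutes = $null; Fresh = $false }
    }
    $newest = Get-ChildItem -LiteralPath $Path -File -Recurse -ErrorAction SilentlyContinue |
              Sort-Object LastWriteTime -Descending | Select-Object -First 1
    $age = if ($newest) { [int]((Get-Date) - $newest.LastWriteTime).TotalMinutes } else { $null }
    [pscustomobject]@{
        Path       = $Path
        Exists     = $true
        NewestFile = if ($newest) { $newest.FullName } else { $null }
        AgeMinutes = $age
        Fresh      = ($null -ne $age -and $age -le $MaxAgeMinutes)
    }
}

# Usage
Get-EdrServiceState | Format-Table -AutoSize
Get-DefenderOnboardingState
Get-RecentAgentErrors | Format-Table -AutoSize
Test-AgentLogFreshness -Path 'C:\Program Files\SentinelOne\Sentinel Agent\logs'
```

Run it elevated; some agent log directories are not readable by standard users, and a permission error would otherwise look like a missing directory.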


Network/Proxy and Certificate Requirements


Firewall Rules

• HTTPS (443) outbound access

• Vendor-specific ports

• DNS resolution requirements

• Time synchronization (NTP)

• Certificate revocation checks


Proxy Configuration

• HTTP/HTTPS proxy settings

• Authentication credentials

• Bypass rules for local networks

• SSL inspection compatibility

• Proxy auto-configuration (PAC)


Certificate Issues

• Root certificate trust

• Intermediate certificate chain

• Certificate expiration

• SSL/TLS version compatibility

• Certificate pinning validation


Connectivity Testing

• Telnet (or Test-NetConnection) to vendor endpoints on port 443

• PowerShell web requests

• nslookup for DNS resolution

• Certificate validation tools

• Network trace analysis
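
The connectivity tests above, combined into one function as an added example (not from the article): DNS resolution, the WinHTTP proxy the service will actually use, a TCP check on 443, and a TLS handshake that reports the negotiated protocol, the leaf certificate's expiry, whether the chain builds with revocation checking, and which root the client actually received. A root that is a corporate CA rather than the vendor's public CA means SSL inspection is in the path, which is the usual reason a pinning agent refuses to connect. The endpoint hostname and the expected issuer keywords are placeholders to fill from the vendor's documentation.

```powershell
# Added example, not from the article: DNS, proxy, TCP and TLS-chain checks for an EDR cloud endpoint.
# $Endpoint and $ExpectedIssuerKeywords are placeholders taken from the vendor's documentation.

function Test-EdrEndpoint {
    param(
        [Parameter(Mandatory)] [string]$Endpoint,   # vendor cloud hostname (placeholder)
        [int]$Port = 443,
        [string[]]$ExpectedIssuerKeywords = @()     # e.g. the vendor's public CA name; empty = report only
    )
    $result = [ordered]@{ Endpoint = $Endpoint; Port = $Port }

    # "nslookup for DNS resolution", done with Resolve-DnsName
    $dns = Resolve-DnsName -Name $Endpoint -Type A -ErrorAction SilentlyContinue
    $result.ResolvedIPs = @($dns | Where-Object { $_.IPAddress } | ForEach-Object IPAddress)

    # Services use the WinHTTP proxy, not the user's Internet Options, so show that one
    $result.WinHttpProxy = (netsh winhttp show proxy | Out-String).Trim()

    # TCP reachability (the "telnet" step)
    $tcp = Test-NetConnection -ComputerName $Endpoint -Port $Port -WarningAction SilentlyContinue
    $result.TcpOpen = $tcp.TcpTestSucceeded
    if (-not $tcp.TcpTestSucceeded) { return [pscustomobject]$result }

    # TLS: complete a handshake and inspect the chain the client really received. The callback
    # accepts any certificate so that a bad chain is *reported* instead of aborting the check.
    $acceptAll = [Net.Security.RemoteCertificateValidationCallback]{ param($s, $c, $ch, $e) $true }
    $client = New-Object Net.Sockets.TcpClient($Endpoint, $Port)
    try {
        $ssl = New-Object Net.Security.SslStream($client.GetStream(), $false, $acceptAll)
        $ssl.AuthenticateAsClient($Endpoint)
        $cert  = New-Object Security.Cryptography.X509Certificates.X509Certificate2($ssl.RemoteCertificate)
        $chain = New-Object Security.Cryptography.X509Certificates.X509Chain
        $chain.ChainPolicy.RevocationMode = 'Online'     # exercises the "certificate revocation checks" rule
        $result.TlsProtocol     = $ssl.SslProtocol.ToString()
        $result.Subject         = $cert.Subject
        $result.Issuer          = $cert.Issuer
        $result.NotAfter        = $cert.NotAfter
        $result.DaysUntilExpiry = [int]($cert.NotAfter - (Get-Date)).TotalDays
        $result.ChainValid      = $chain.Build($cert)
        $result.ChainStatus     = ($chain.ChainStatus | ForEach-Object Status) -join ','
        $result.RootCA          = ($chain.ChainElements | Select-Object -Last 1).Certificate.Subject
        # If the root is not one of the expected issuers, an interception proxy re-signed the session
        $result.LikelyIntercepted = ($ExpectedIssuerKeywords.Count -gt 0) -and
            -not ($ExpectedIssuerKeywords | Where-Object { $result.RootCA -like "*$_*" })
    } finally {
        if ($ssl) { $ssl.Dispose() }
        $client.Dispose()
    }
    [pscustomobject]$result
}

# Usage: hostname and issuer keyword are placeholders
Test-EdrEndpoint -Endpoint 'sensor-cloud.example.invalid' -ExpectedIssuerKeywords 'DigiCert'
```

When LikelyIntercepted comes back true, the fix is a proxy bypass for the vendor endpoints rather than importing the inspection CA onto the host: agents that pin their certificates will still refuse the re-signed session.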


Performance/Exclusion Tuning


Performance Monitoring

• CPU usage monitoring

• Memory consumption tracking

• Disk I/O impact assessment

• Network bandwidth utilization

• Process startup delays


Exclusion Configuration

• File and folder exclusions

• Process exclusions

• Registry key exclusions

• Network exclusions

• Scanning exclusions


Common Exclusions

• Database files and directories

• Backup software locations

• Development environments

• Virtual machine files

• High-traffic file shares


Tuning Recommendations

• Reduce scan frequency

• Limit concurrent scans

• Adjust buffer sizes

• Configure bandwidth limits

• Schedule maintenance windows
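
The exclusion and tuning sections above, worked through for Microsoft Defender as an added example (not from the article or from Microsoft): an audit that flags exclusions which quietly remove coverage (whole drives, wildcards, user-writable paths, executable extensions, process names without a path), a helper that adds a narrowly scoped exclusion and records why, and a short CPU sample of the agent processes to compare before and after tuning. Get-MpPreference and Add-MpPreference are Defender's own cmdlets; the process names, the log file path and the risk patterns are assumptions.

```powershell
# Added example, not from the article: audit Defender exclusions for over-broad entries, add a
# narrow one with a reason on record, and sample agent CPU. Process names, log path and the
# "risky" patterns are assumptions to adjust locally.

function Get-RiskyDefenderExclusions {
    # Every exclusion is a blind spot; the ones that matter most are where untrusted files land.
    $pref = Get-MpPreference
    $userWritable = @("$env:SystemDrive\Users", "$env:SystemDrive\Users\*", "$env:SystemDrive\Temp*",
                      "$env:windir\Temp*", '*\AppData\*', "$env:ProgramData\*")
    foreach ($path in @($pref.ExclusionPath | Where-Object { $_ })) {
        $reasons = @()
        if ($path -match '^[A-Za-z]:\\?$') { $reasons += 'entire drive excluded' }
        if ($path -match '\*')             { $reasons += 'wildcard in path' }
        foreach ($uw in $userWritable) { if ($path -like $uw) { $reasons += "user-writable location ($uw)" } }
        [pscustomobject]@{ Type = 'Path'; Value = $path; Risky = ($reasons.Count -gt 0); Reasons = ($reasons -join '; ') }
    }
    foreach ($ext in @($pref.ExclusionExtension | Where-Object { $_ })) {
        $risky = $ext -match '^\.?(exe|dll|ps1|bat|cmd|vbs|js|scr|msi)$'
        [pscustomobject]@{ Type = 'Extension'; Value = $ext; Risky = $risky
                           Reasons = $(if ($risky) { 'executable or script extension' } else { '' }) }
    }
    foreach ($proc in @($pref.ExclusionProcess | Where-Object { $_ })) {
        $risky = -not ($proc -match '^[A-Za-z]:\\')   # a bare name matches any binary with that name, anywhere
        [pscustomobject]@{ Type = 'Process'; Value = $proc; Risky = $risky
                           Reasons = $(if ($risky) { 'process excluded by name, not full path' } else { '' }) }
    }
}

function Add-NarrowExclusion {
    # One existing directory, no wildcards, and a record of who added it and why (assumed log path)
    param([Parameter(Mandatory)] [string]$Path, [Parameter(Mandatory)] [string]$Reason)
    if ($Path -match '\*') { throw 'Use a concrete directory, not a wildcard' }
    if (-not (Test-Path -LiteralPath $Path -PathType Container)) { throw "Exclusion target must exist: $Path" }
    Add-MpPreference -ExclusionPath $Path
    $entry = "{0}`t{1}`t{2}`t{3}" -f (Get-Date -Format o), $env:USERNAME, $Path, $Reason
    Add-Content -Path "$env:ProgramData\edr-exclusions.log" -Value $entry
}

function Measure-AgentCpu {
    # Averages "% Processor Time" for the agent processes over a short window, normalised per core.
    # Process names are assumptions for Defender, MDE, CrowdStrike and SentinelOne respectively.
    param([string[]]$ProcessNames = @('MsMpEng', 'MsSense', 'CSFalconService', 'SentinelAgent'),
          [int]$Samples = 5, [int]$IntervalSec = 2)
    $paths = $ProcessNames | ForEach-Object { "\Process($_)\% Processor Time" }
    $data  = Get-Counter -Counter $paths -SampleInterval $IntervalSec -MaxSamples $Samples -ErrorAction SilentlyContinue
    $data.CounterSamples | Group-Object InstanceName | ForEach-Object {
        $avg = ($_.Group.CookedValue | Measure-Object -Average).Average / [int]$env:NUMBER_OF_PROCESSORS
        [pscustomobject]@{ Process = $_.Name; AvgCpuPercent = [math]::Round($avg, 1) }
    }
}

# Usage
Get-RiskyDefenderExclusions | Where-Object Risky | Format-Table -AutoSize
Measure-AgentCpu | Format-Table -AutoSize
```

Take the CPU sample during the workload that prompted the complaint (backup window, build, database checkpoint), since an idle baseline says nothing about whether an exclusion helped.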


Common Conflict/Coexistence Issues


Antivirus Conflicts

• Real-time protection overlaps

• File system filter driver conflicts

• Boot-time scanning issues

• Quarantine folder conflicts

• Update mechanism interference
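
A way to see the filter driver overlap described above, added here as an example (not from the article): it parses the table printed by fltmc filters and groups loaded minifilters by the altitude ranges Microsoft allocates, 320000 to 329999 for anti-virus filters and 360000 to 389999 for activity monitors. Two products both holding an anti-virus-range filter is the concrete form of the real-time protection overlap. The filter-name-to-product map contains only WdFilter (Defender); any other mapping has to be added locally and is an assumption.

```powershell
# Added example, not from the article: enumerate loaded minifilters and flag altitude ranges where
# more than one filter is loaded. Requires an elevated prompt for fltmc.

function Get-LoadedMinifilters {
    # "fltmc filters" prints columns: Filter Name, Num Instances, Altitude, Frame
    $knownOwner = @{ WdFilter = 'Microsoft Defender' }   # extend with your vendors' filter names (assumption)
    foreach ($line in (fltmc filters 2>$null)) {
        if ($line -notmatch '^(?<name>\S+)\s+(?<inst>\d+)\s+(?<alt>\d+(?:\.\d+)?)\s+(?<frame>\d+)') { continue }
        $alt = [double]$Matches.alt
        $range = switch ($alt) {
            { $_ -ge 320000 -and $_ -le 329999 } { 'Anti-Virus'; break }
            { $_ -ge 360000 -and $_ -le 389999 } { 'Activity Monitor'; break }
            default { 'Other' }
        }
        [pscustomobject]@{
            Filter    = $Matches.name
            Instances = [int]$Matches.inst
            Altitude  = $alt
            Range     = $range
            Owner     = if ($knownOwner.ContainsKey($Matches.name)) { $knownOwner[$Matches.name] } else { 'unknown' }
        }
    }
}

function Find-MinifilterOverlap {
    # More than one filter in the Anti-Virus range means two products scan every file open;
    # activity monitors (EDR sensors) can coexist, so they are reported only on request.
    param([switch]$IncludeActivityMonitors)
    $filters = @(Get-LoadedMinifilters)
    $ranges = @('Anti-Virus')
    if ($IncludeActivityMonitors) { $ranges += 'Activity Monitor' }
    foreach ($range in $ranges) {
        $inRange = @($filters | Where-Object Range -eq $range)
        [pscustomobject]@{
            Range   = $range
            Count   = $inRange.Count
            Overlap = ($inRange.Count -gt 1)
            Filters = ($inRange | ForEach-Object { "$($_.Filter)@$($_.Altitude) ($($_.Owner))" }) -join ', '
        }
    }
}

# Usage
Get-LoadedMinifilters | Sort-Object Altitude -Descending | Format-Table -AutoSize
Find-MinifilterOverlap -IncludeActivityMonitors
```

Keep the output from a healthy machine as the reference: an unexpected extra filter after a software rollout is the fastest explanation for a new boot-time scan or quarantine conflict.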


Application Compatibility

• Database performance degradation

• Backup software failures

• Virtual machine agent conflicts

• Development tool issues

• Legacy application problems


Network Security Tools

• DLP agent interactions

• VPN client compatibility

• Network monitoring overlaps

• Firewall agent conflicts

• Proxy agent issues


Resolution Strategies

• Sequential deployment testing

• Compatibility matrix creation

• Vendor coordination

• Configuration optimization

• Phased rollout approach


Escalation and Vendor Support


When to Escalate

• Repeated installation failures

• Persistent connectivity issues

• Performance degradation

• Compatibility conflicts

• Agent corruption problems


Escalation Preparation

• Collect diagnostic logs

• Document error messages

• Gather system information

• Note reproduction steps

• Prepare configuration details


Vendor Support Channels

• Technical support portals

• Emergency support contacts

• Community forums

• Knowledge base resources

• Professional services


Information to Provide

• Agent version and build

• Operating system details

• Error codes and messages

• Timeline of events

• Environmental specifics
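
The escalation preparation steps and the information list above, gathered into one zip by an added example (not from the article): OS details, each agent service's state and binary version, the last 24 hours of error and warning events from the system and agent channels, any verbose MSI log found in the temp directory, the WinHTTP proxy and loaded minifilters, and a notes file for the reproduction steps and error messages the engineer writes by hand. Service names are the ones in the health-check section; the output location, the 24-hour window and the MSI log search path are assumptions.

```powershell
# Added example, not from the article: build a support bundle with the items vendors ask for.
# Output directory, event window and MSI log location are assumptions; service names are from the article.

function New-EdrSupportBundle {
    param([string]$OutDir = "$env:TEMP\edr-bundle-$(Get-Date -Format yyyyMMdd-HHmmss)",
          [string[]]$AgentServices = @('csagent', 'csfalconservice', 'sentinelagent', 'windefend', 'sense', 'carbonblack'),
          [int]$EventHours = 24)
    New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

    # Operating system details
    Get-ComputerInfo |
        Select-Object CsName, OsName, OsVersion, OsBuildNumber, OsArchitecture, CsTotalPhysicalMemory, OsLastBootUpTime |
        ConvertTo-Json | Set-Content "$OutDir\system.json"

    # Agent version and build: resolve each service's binary and read its file version
    $agents = foreach ($name in $AgentServices) {
        $svc = Get-CimInstance Win32_Service -Filter "Name='$name'" -ErrorAction SilentlyContinue
        if (-not $svc) { continue }
        $exe = ($svc.PathName -replace '^"([^"]+)".*$', '$1') -replace '^(\S+\.exe).*$', '$1'
        $ver = if (Test-Path -LiteralPath $exe) { (Get-Item -LiteralPath $exe).VersionInfo.FileVersion } else { 'unknown' }
        [pscustomobject]@{ Service = $name; State = $svc.State; StartMode = $svc.StartMode; Binary = $exe; FileVersion = $ver }
    }
    $agents | Export-Csv "$OutDir\agents.csv" -NoTypeInformation

    # Timeline of events: critical/error/warning from system and agent channels within the window
    $since = (Get-Date).AddHours(-$EventHours)
    $logs = @('System', 'Application', 'Microsoft-Windows-Windows Defender/Operational', 'Microsoft-Windows-SENSE/Operational')
    $events = foreach ($log in $logs) {
        Get-WinEvent -FilterHashtable @{ LogName = $log; Level = @(1, 2, 3); StartTime = $since } -ErrorAction SilentlyContinue
    }
    $events | Sort-Object TimeCreated |
        Select-Object TimeCreated, LogName, ProviderName, Id, LevelDisplayName, Message |
        Export-Csv "$OutDir\events.csv" -NoTypeInformation

    # Error codes and messages: copy any verbose MSI log present (they end with "MainEngineThread is returning <code>")
    Get-ChildItem "$env:TEMP\*.log" -ErrorAction SilentlyContinue |
        Where-Object { Select-String -Path $_.FullName -Pattern 'MainEngineThread is returning' -Quiet } |
        Copy-Item -Destination $OutDir

    # Environmental specifics: proxy in use by services and loaded file-system filters
    netsh winhttp show proxy | Set-Content "$OutDir\winhttp-proxy.txt"
    fltmc filters 2>$null      | Set-Content "$OutDir\fltmc.txt"

    # Reproduction steps and observed error text are filled in by hand before sending
    Set-Content "$OutDir\notes.txt" -Value "Reproduction steps:`n`nError messages seen:`n`nTimeline:`n"

    $zip = "$OutDir.zip"
    Compress-Archive -Path "$OutDir\*" -DestinationPath $zip -Force
    $zip
}

# Usage: returns the path of the zip to attach to the vendor ticket
New-EdrSupportBundle
```

Review events.csv before uploading: Application-log messages can carry usernames and file paths that the ticket does not need.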


SLA Expectations

• Response time commitments

• Severity level definitions

• Escalation procedures

• Resolution timeframes

• Communication protocols
