Cannot Fully Disable Capabilities on Harmony Endpoint

PHUM888 — Fri, 29 Nov 2024 08:41:00 GMT

Hello

I’m facing issues when trying to disable capabilities on Harmony Endpoint. Here’s the summary of the problem:

Inconsistent Behavior Across Endpoints:
- When I disable capabilities (e.g., Anti-Malware, Anti-Ransomware, File Protection), some features turn off, but others remain enabled.
- On some endpoints, after disabling capabilities, the status temporarily shows "In Progress" but then reverts to "Enabled."
Running Services in Service(Local), Task Manager:
- Even after disabling capabilities, certain services related to Harmony Endpoint continue to run in Service(Local), Task Manager, as shown in the attached screenshots.
Variations in Endpoint Behavior:
- I noticed differences in behavior across endpoints. For example:
  - Endpoint A: Some features successfully disable, but others stay active. (Endpoint Version 88.32.2003)
  - Endpoint B: Some features successfully disable, but others stay active. (Endpoint Version 88.32.2003)
  - Endpoint C: Features revert to "Enabled" immediately after attempting to disable them.(Endpoint Version 88.32.2003)
  - (view in My Videos)

Troubleshooting Steps Tried:

I attempted to disable capabilities directly from the Harmony Endpoint Console.
Verified policies in the Software Deployment section and applied a specific policy to the problematic endpoint.
Removed the Package for the problematic endpoint using the Apply to feature, followed by a restart of the endpoint.
After the restart, upgraded the Threat Prevention package from the endpoint interface and attempted to disable capabilities again.
Observed that some capabilities could not be disabled or reverted to the "Enabled" state after appearing as "In Progress."
Checked Task Manager and Services (Local) to find that some services related to Harmony Endpoint were still running despite attempting to disable capabilities.

Expected Behavior:
All capabilities should be disabled consistently across endpoints once the policy is applied.

Request for Help:
Could you please provide guidance on:

Why certain capabilities remain enabled or revert after disabling them?
How to ensure consistent disabling of capabilities across endpoints?
Steps to verify that services are completely stopped after disabling capabilities.

Thank you for your assistance!

Re: Cannot Fully Disable Capabilities on Harmony Endpoint

G_W_Albrecht — Fri, 29 Nov 2024 08:38:22 GMT

Open SR# with CP TAC to get the reason for this behaviour !

Re: Cannot Fully Disable Capabilities on Harmony Endpoint

PhoneBoy — Mon, 02 Dec 2024 21:28:46 GMT

You may want to check that the policies are correctly applied to the Endpoints in question (Menu > Advanced > View Policies).
They should have the same version/date.
And yes, I second the suggestion to get TAC involved.
They are probably going to want logs, which you collect from the client (Menu > Advanced > Collect) and review for yourself as it might provide some clues.

topic Re: Cannot Fully Disable Capabilities on Harmony Endpoint in Endpoint

Cannot Fully Disable Capabilities on Harmony Endpoint

Re: Cannot Fully Disable Capabilities on Harmony Endpoint

Re: Cannot Fully Disable Capabilities on Harmony Endpoint