This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
PHUM888
Explorer
‎2024-11-29 12:15 AM

Cannot Fully Disable Capabilities on Harmony Endpoint

Hello 

I’m facing issues when trying to disable capabilities on Harmony Endpoint. Here’s the summary of the problem:

  1. Inconsistent Behavior Across Endpoints:

    • When I disable capabilities (e.g., Anti-Malware, Anti-Ransomware, File Protection), some features turn off, but others remain enabled.
    • On some endpoints, after disabling capabilities, the status temporarily shows "In Progress" but then reverts to "Enabled."
      7be3dd34-f4c9-4009-ade7-7499bf181b59.png

  2. Running Services in Service(Local), Task Manager:

    • Even after disabling capabilities, certain services related to Harmony Endpoint continue to run in Service(Local), Task Manager, as shown in the attached screenshots.
    • 572e0d2e-edb5-49c3-ba72-d8a7aa90856e.jpg20241129-145149.485-3.jpg20241129-145149.485-4.jpg20241129-145149.485-6.jpg

  3. Variations in Endpoint Behavior:

    • I noticed differences in behavior across endpoints. For example:
      • Endpoint A: Some features successfully disable, but others stay active. (Endpoint Version 88.32.2003)a0d30f81-9d3d-40c3-816e-d57cbd4eb9a4.png
      • Endpoint B: Some features successfully disable, but others stay active. (Endpoint Version 88.32.2003)messageImage_1732779019747.jpg
      • Endpoint C: Features revert to "Enabled" immediately after attempting to disable them.(Endpoint Version 88.32.2003)
      • (view in My Videos)

Troubleshooting Steps Tried:

  1. I attempted to disable capabilities directly from the Harmony Endpoint Console.
  2. Verified policies in the Software Deployment section and applied a specific policy to the problematic endpoint.
  3. Removed the Package for the problematic endpoint using the Apply to feature, followed by a restart of the endpoint.
  4. After the restart, upgraded the Threat Prevention package from the endpoint interface and attempted to disable capabilities again.
  5. Observed that some capabilities could not be disabled or reverted to the "Enabled" state after appearing as "In Progress."
  6. Checked Task Manager and Services (Local) to find that some services related to Harmony Endpoint were still running despite attempting to disable capabilities.d19e938f-5da5-49cc-9a69-2d6af0cd985e.png

Expected Behavior:
All capabilities should be disabled consistently across endpoints once the policy is applied.

Request for Help:
Could you please provide guidance on:

  • Why certain capabilities remain enabled or revert after disabling them?
  • How to ensure consistent disabling of capabilities across endpoints?
  • Steps to verify that services are completely stopped after disabling capabilities.

Thank you for your assistance!

0 Kudos
2 Replies
G_W_Albrecht
Legend Legend
Legend
‎2024-11-29 12:38 AM

Open SR# with CP TAC to get the reason for this behaviour !

CCSP - CCSE / CCTE / CTPS / CCME / CCSM Elite / SMB Specialist
0 Kudos
PhoneBoy
Admin
Admin
‎2024-12-02 01:28 PM

You may want to check that the policies are correctly applied to the Endpoints in question (Menu > Advanced > View Policies).
They should have the same version/date.
And yes, I second the suggestion to get TAC involved.
They are probably going to want logs, which you collect from the client (Menu > Advanced > Collect) and review for yourself as it might provide some clues.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events