Agent for Endpoint is shown as unhealthy

I am unable to understand the issue. I tried to uninstall and install multiple times but the agent still shows as "Unhealthy".

The agent is installed on windows and I am unable to open the file from GUI as it says "access denied". So I tried opening the endpoint folder through command prompt and I do see files in it. So it is not empty. I tried to check the logs for the endpoint agent but I am new to elastic and dont know what exactly to look for in the case of "unhealthy agent".
Would really appreciate it if someone can help resolve this.

Thank You

Hi @Cosmic_Season - thanks for trying Endpoint Security, I'm sorry that there are issues right now.

To help us investigate further, can you answer a few questions.

  • Which version of the Agent are you using?

  • Do you have any other integrations installed on the Agent besides Elastic Defend (i.e. the Endpoint)?

  • In the UI, are you able to see a reference to the Endpoint on this page: Security > Manage > Endpoints? You should see something like the below (Note, the status will be Unhealthy in your case):

  • Do you have any other Security software installed on your Windows machine that may conflict with a new anti-virus software such as the Elastic Endpoint? Some examples are another anti-virus software, firewalls, etc.

  • Can you provide the Agent and Endpoint logs so that we can look more closely at the problem?

To get the Agent logs from the Windows host go to:
c:\Program Files\Elastic\Agent\data\elastic-agent-<some-hash>\logs
You should see some ndjson files here, you can zip these up and provide them here.

To get the Endpoint logs from the Windows host go to:
c:\Program Files\Elastic\Endpoint\state\log
You should see some log files here. You can zip these up and provide them here.

You must be Administrator to do the above.

Let me know if you have any questions

This topic was automatically closed 28 days after the last reply. New replies are no longer allowed.