Defend integration, agent unhealthy, failed install and exit status 213

After the agent was reinstalled on a device, the Elastic Defend integration began showing an error of: "failed install endpoint service ... exit status 213", which is an installation failure from pre-existing files.

I've found a similar issue here that is near exact, but they continued in private channels.

I've provided some of the logs from the agent.

17:01:04.793
elastic_agent
[elastic_agent][error] 2024-07-18 22:01:04: debug: File.cpp:453 Removing [C:\Program Files\Elastic\Endpoint\cache\artifacts\global-artifacts\endpointpe-v4-model]
17:01:04.793
elastic_agent
[elastic_agent][error] 2024-07-18 22:01:04: info: File.cpp:480 Attempted deletion failed, failed to reset file attributes for C:\Program Files\Elastic\Endpoint\cache\artifacts\global-artifacts\endpointpe-v4-model
17:01:04.793
elastic_agent
[elastic_agent][error] 2024-07-18 22:01:04: debug: File.cpp:453 Removing [C:\Program Files\Elastic\Endpoint\cache\artifacts\global-artifacts\endpointpe-v4-exceptionlist]
17:01:04.793
elastic_agent
[elastic_agent][error] 2024-07-18 22:01:04: info: File.cpp:480 Attempted deletion failed, failed to reset file attributes for C:\Program Files\Elastic\Endpoint\cache\artifacts\global-artifacts\endpointpe-v4-exceptionlist
17:01:04.793
elastic_agent
[elastic_agent][error] 2024-07-18 22:01:04: debug: File.cpp:453 Removing [C:\Program Files\Elastic\Endpoint\cache\artifacts\global-artifacts\endpointpe-v4-blocklist]
17:01:04.793
elastic_agent
[elastic_agent][error] 2024-07-18 22:01:04: info: File.cpp:480 Attempted deletion failed, failed to reset file attributes for C:\Program Files\Elastic\Endpoint\cache\artifacts\global-artifacts\endpointpe-v4-blocklist

The logs also continue repeating with similar messages, where it cycles attempting to remove a file in the cache directory, and then failing.

How can I resolve this issue?

@Adair_Torres I'm sorry you've encountered this issue. As you noted, your issue is likely another instance of the same category of error in the other post. Assuming that ends up being the case, it's likely related to an issue with our self-protection. Unfortunately the specific remedy can vary with the specific original cause and the state the host gets left in. I'll PM you a method to share more specifics so that I'm able to suggest the specific remedy for this host.
