I set up an agent policy with a few other integrations that work fine; the only one that is causing trouble is Elastic Defend. Despite using the default configuration, it is not working.
Here is all I've been able to gather so far:
PS C:\Program Files\Elastic\Endpoint> & 'C:\Program Files\Elastic\Agent\elastic-agent.exe' status
┌─ fleet
│  └─ status: (STOPPED) Not enrolled into Fleet
└─ elastic-agent
   ├─ status: (HEALTHY) Running
   └─ endpoint-default
      ├─ status: (HEALTHY) Healthy: communicating with endpoint service
      ├─ endpoint-default
      │  └─ status: (STARTING)
      └─ endpoint-default-6db8a8d2-f76a-490d-a535-67e47ce26202
         └─ status: (STARTING)
Yet the executable seems to tell another story...
There is an issue applying the policy to it for some reason.
PS C:\Program Files\Elastic\Endpoint> .\elastic-endpoint.exe status
- elastic-agent
  - status: (HEALTHY) Connected
- elastic-endpoint
  - status: (HEALTHY) Running (no policy)
Logs don't seem to be very helpful either:
{"@timestamp":"2025-02-12T14:40:36.499633Z","agent":{"id":"","type":"endpoint"},"ecs":{"version":"8.10.0"},"log":{"level":"warning","origin":{"file":{"line":485,"name":"AgentContext.cpp"}}},"message":"AgentContext.cpp:485 Endpoint is setting status to STARTING, reason: Policy Application Status","process":{"pid":20384,"thread":{"id":23152}}}
{"@timestamp":"2025-02-12T15:16:59.9940254Z","agent":{"id":"","type":"endpoint"},"ecs":{"version":"8.10.0"},"log":{"level":"notice","origin":{"file":{"line":182,"name":"BulkQueueConsumer.cpp"}}},"message":"BulkQueueConsumer.cpp:182 No valid comms client available","process":{"pid":20384,"thread":{"id":12520}}}
Does anyone know what might be causing this or how to get to the root of the issue?