On-demand Manual User Initiated Connection
As the name says, on-demand (at user's will), the user has control over when to connect or disconnect from GlobalProtect. Once connected to GlobalProtect, the user will see a 'disconnect' option to disconnect when needed. Under 'Connect-method' drop down, select 'On-demand (Manual user initiated. SensorView Manual Page 8 of 123 1. Device search (filter) allows a user to immediately begin typing to search for the device (over device ID, model, or custom label), while 2. Features allows for a user to search for a device based on its o Hardware capabilities: current-sensing, dimming-or-relay, occupancy, photocell, relay, switch, wireless.
- Connect on Demand can only be checked if the Certificate Authentication field is set to Manual or Automatic. The Connect on Demand rules, defined by the Match Domain or Host and the On Demand Action fields. Always connect: iOS will always attempt to.
- Because Chrome OS does not allow third-party applications to launch automatically, the GlobalProtect app for Chrome OS only supports on-demand connections. As a result, the end user has to launch the app and manually initiate a VPN connection to establish a VPN (tunnel) connection.
Mitigation Status
The Threat Event Logs screen in the console displays the status for the following tasks:
Threat mitigation
On-demand Scan (user-initiated and administrator-initiated)
Agent post-installation scan
User Initiated Event
This topic discusses Trend Micro recommended actions when tasks are not successfully carried out.
Task status |
Status | Task | Description and Recommended Actions |
Statuses That Do Not Require Any Action | ||
Mitigation in progress |
| Threat Mitigator received an event from a data source and is waiting for the agent to process the mitigation task. |
Resolved threats: All threats resolved |
| The agent has resolved all threats detected on the endpoint. |
Resolved threats: Endpoint security software took action | Threat mitigation | Endpoint security software (such as OfficeScan) took a specific action on the infected file before the agent can take action. For a list of actions the security software can perform, refer to the documentation for the software. |
Resolved threats: Threat no longer exists | Threat mitigation | A threat reported by the data source no longer exists at the time of cleanup. The threat may have been removed from the endpoint. |
Resolved threats: Potential threat resolved | Threat mitigation | An item that has the potential of becoming a threat was confirmed as safe during cleanup. |
Scanned endpoint: No threat found |
| No threats were found on the endpoint.
|
Rollback successful |
| The agent successfully rolled back the mitigation action. |
Statuses That Require An Action | ||
Assessed endpoint: Manual cleanup needed | Threat mitigation | The agent detected threats in the endpoint during assessment but did not run cleanup because you have chosen to run cleanup manually. On the Threat Management screen, click the Require post-assessment cleanup link. On the table at the lower section of the screen, select the endpoint and then click Run Cleanup. |
No mitigation: Mitigation exception |
| The agent cannot perform the task because of a mitigation exception. For example, the endpoint’s IP address might be included in the mitigation exception list. Check the threat detected on the endpoint. Consider removing the endpoint from the exception list if you want to run mitigation tasks on the endpoint, and then add the endpoint to the list again after all mitigation tasks have been completed.
|
Resolved threats: All selected threats resolved | User-initiated On-demand Scan | Threats that the user chose to resolve have been resolved. The user chose to leave other threats unresolved. Check if there is a reason for not resolving the remaining threats (for example, the infected files are required to run the endpoint properly). For threats that you believe are safe to access, send threat samples to your support provider for analysis. |
Scanned endpoint: No action performed on threats | User-initiated On-demand Scan | Users can manually select the threats to resolve. The user chose to leave all the detected threats unresolved. Check if there is a reason for not resolving the threats (for example, the infected files are required to run the endpoint properly). For threats that you believe are safe to access, send threat samples to your support provider for analysis. |
Unsuccessful: Mitigation timeout | Threat mitigation | The agent did not finish a task within a certain time period. Actions:
|
Unsuccessful: Cannot connect to endpoint |
| Threat Mitigator notified the agent to run a task. However, the agent was unreachable.
Verify the following:
|
Unsuccessful: Cannot run mitigation task on platform |
| The agent is running and can run mitigation tasks but the endpoint’s operating system does not support the mitigation task. If the endpoint’s operating system supports On-demand Scan:
For details about launching or running On-demand Scan, see Running On-demand Scan. |
Unsuccessful: Incomplete task |
| There were pending tasks before a deliberate or unexpected restart of Threat Mitigator. Upon restart, Threat Mitigator was unable to resume the tasks. Collect system logs and then send them to your support provider. |
Unsuccessful: Not all threats resolved |
| The agent was unable to resolve all threats. Actions:
|
Unsuccessful: Not all selected threats resolved | User-initiated On-demand Scan User's manual for motorola g plus 5th generation. | Some of the threats that the user chose to resolve were not resolved possibly because of errors in the On-demand Scan program or the agent. The user also chose to leave other threats unresolved. Actions:
|
Unsuccessful: Agent component problem | Threat mitigation | Components used by the agent will only be functional when the endpoint restarts. Restart the endpoint. |
Unsuccessful: Agent component error |
| The agent cannot perform the task because a component used by the agent encountered an error. Actions:
|
Unsuccessful: Corrupted configuration file |
| A configuration file required to run a task is corrupted. Actions:
|
Unsuccessful: Pattern not found |
| A custom pattern required to run a task is not available. On the Threat Management screen, check the custom patterns currently available on Threat Mitigator. If the pattern does not exist and you have TMSP as an on-premise application, try to deploy the pattern from TMSP’s administrative console. If you have TMSP as a hosted service, contact your Trend Micro representative for help. |
Unsuccessful: Cannot send scan query |
| The agent cannot start a task because it cannot send scan queries to the Smart Protection Server or the Trend Micro Smart Protection Network. If the task has started and the endpoint loses connection with Smart Protection Server and Smart Protection Network, it bypasses files requiring a scan query. Users can proceed to access the files. Ensure that smart protection settings are correct and that there is a functional connection between the endpoint and Smart Protection Server or Smart Protection Network. For details, see Smart Protection Technology. |
Rollback unsuccessful |
| The agent was unable to completely roll back files, registry keys, or services because the backup file does not exist or is corrupted. To complete the roll back:
HouseCallCLI.exe -RE -SID=%TaskID% |
See also: