EDR Status service
The EDR Status service monitors the actions and status of N-able Endpoint Detection & Response (EDR). It helps you confirm that EDR has been successfully installed and is running properly, and it shows whether EDR has detected any issues that require action on your part.
This service queries the installation of EDR by running the SentinelCtl.exe executable and then analyzing the results.
Details
Name | Details |
---|---|
Instances on a Device | 1 |
Supported Systems/Applications | Devices running N-able Endpoint Detection & Response |
Device Class | Server – Windows, Workstations – Windows, Laptops – Windows |
Monitored By | Windows agent |
Scan Interval | 10 minutes |
Metrics
Metric | Description |
---|---|
Dynamic Engines | Monitors that EDR’s Dynamic Detection Engines are loaded. This metric will report a Failed state if any of the following Engines are disabled within an EDR profile:
|
EDR Kernel Driver | Monitors that the EDR Kernel Driver has been loaded. Note that for the EDR Kernel Driver to be loaded, devices must be rebooted after the initial install of SW EDR, so it’s normal to see this metric report a Failed state until the device has been rebooted. |
Infected Status | Monitors whether SW EDR has detected an infection on the device. This metric will only report a Failed state if an infection has been found and an action must be taken. |
Is EDR Installed | Monitors whether SW EDR has been installed on the device. |
Status of the EDR Windows Service | Monitors if the EDR Windows Service (Sentinel agent) is running. |
Tamper Protection | Monitors the state of Tamper Protection on the device. Tamper Protection is controlled in the EDR profile, under the Agent Configuration section – look for the Anti Tamper toggle switch. |
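The following is an added sketch of the "run SentinelCtl.exe, then analyze the results" step, mapping status text to four of the metrics above. It is not N-able's code. The status line wording, the `RULES` patterns and the `rebooted_since_install` parameter are assumptions made for illustration, and the sample text is constructed.

```python
import re

# Constructed status text. The line wording is an ASSUMPTION made for this
# example, not output captured from a device or quoted from the page.
SAMPLE_STATUS = """\
SentinelMonitor is not loaded
Self-Protection status: On
SentinelAgent is loaded
"""

# Metric names come from the page's Metrics table; the patterns are assumed.
# Group 1 of each pattern is compared with the value that means "healthy".
RULES = {
    "EDR Kernel Driver": (r"^SentinelMonitor is (not loaded|loaded)$", "loaded"),
    "Status of the EDR Windows Service": (r"^SentinelAgent is (not loaded|loaded)$", "loaded"),
    "Tamper Protection": (r"^Self-Protection status: (\w+)$", "On"),
}


def evaluate(status_text, rebooted_since_install=True):
    """Map status text to metric states: Normal, Failed or Unknown.

    status_text is None when the executable could not be run at all.
    """
    if status_text is None:
        # Nothing to analyse: only the install check can be answered.
        return {"Is EDR Installed": "Failed", **{m: "Unknown" for m in RULES}}

    text = status_text.replace("\r", "")  # tolerate Windows line endings
    states = {"Is EDR Installed": "Normal"}
    for metric, (pattern, healthy) in RULES.items():
        match = re.search(pattern, text, re.MULTILINE)
        if match is None:
            # A missing line is not evidence of health; never default to Normal.
            states[metric] = "Unknown"
        else:
            states[metric] = "Normal" if match.group(1) == healthy else "Failed"

    # Per the page, a Failed kernel driver before the first reboot is expected.
    if states["EDR Kernel Driver"] == "Failed" and not rebooted_since_install:
        states["EDR Kernel Driver"] = "Failed (expected until reboot)"
    return states


if __name__ == "__main__":
    for name, state in evaluate(SAMPLE_STATUS, rebooted_since_install=False).items():
        print(f"{name}: {state}")
```

Dynamic Engines and Infected Status are left out because the page does not say which part of the results they are derived from.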