logo

Knowledge Base

Access official resources from Carbon Black experts

Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

EDR: Sensors marked as offline despite checking in normally

EDR: Sensors marked as offline despite checking in normally

Environment

  • EDR Server: 7.x

Symptoms

One or more sensors are marked Offline in the EDR console even though they are checking in regularly. 

Cause

Time is not properly synced between the EDR server(s) and endpoints

Resolution

  1. Enable NTP across all server nodes and endpoints
  2. Ensure time is synced across devices

Additional Notes

  • By default, Sensors will attempt to check into the EDR server every 1 minute.
  • By default, the EDR server will mark a sensor as 'Offline' if the endpoint hasn't checked in for 5 minutes. 
  • If the time difference between devices is more than 5 minutes, then this issue will occur. 
  • This symptom will not prevent event telemetry from being uploaded to the EDR server

Related Content


Labels (1)
Labels:
Tags (2)
Was this article helpful? Yes No
No ratings
Article Information
Author:
CB_Support
Creation Date:
‎03-03-2023
Views:
468
Contributors
logo

Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.