Predefined alerts

The agent software upgrade was successful, but a computer reboot is required to disable Windows Defender and enable agent protection.

A relay can't successfully download security components. This might be due to network connectivity issues or misconfigurations in Server & Workload Protection under Administration → System Settings → Updates . Check your network configurations (for example, the proxy settings of the relay group) and , and then manually initiate an update on the relay using the option on the Administration → Updates → Software page.

An abnormal restart has been detected on the computer. This condition may be caused by a variety of conditions. If the agent is suspected as the root cause, then the diagnostics package (located in the Support section of the Computer Details dialog) should be invoked.

This alert indicates that the agent service was restarted abnormally. You can safely dismiss this alert, or, if the alert reoccurs, create a diagnostics package and open a case with Technical Support.

Your pre-paid account balance has been depleted. You will no longer receive updates, including security updates, until your account is replenished. To ensure your security is maintained, please contact your sales representative to add credit to your account.

Your pre-paid account balance is running low. To ensure uninterrupted service, please contact your sales representative to add more credit to your account.

This may indicate a problem with the agent, but it also can occur if agent self-protection is enabled. In the Server & Workload Protection console, go to . In , and then either deselect or enter a password for local override.

This is usually caused by too many firewall and intrusion prevention rules being assigned. Run a recommendation scan on the computer to determine if any rules can be safely unassigned.

The agent failed to install successfully on one or more computers. Those computers are currently unprotected. You must reboot the computers which will automatically restart the agent install program.

This may indicate a problem with the agent, but it also can occur if agent self-protection is enabled. In the Server & Workload Protection console, go to . In , and then either deselect or enter a password for local override.

Server & Workload Protection has detected an older agent version on the computer that does not support all available features. An upgrade of the agent software is recommended. (Deprecated in 9.5)

Server & Workload Protection has detected a computer with a version of the agent that is not compatible with one or more security updates assigned to it. An upgrade of the agent software is recommended.

Server & Workload Protection has detected one or more computers with a version of the agent that is older than the latest version in Server & Workload Protection . An upgrade of the agent software is recommended.

Server & Workload Protection has detected a computer with a version of the agent that is not compatible with Server & Workload Protection . An upgrade of the agent software is required.

Updated rules have been downloaded but not applied to your policies. To apply the rules, go to > > and in the column, click .

A malware scan configuration that is configured for alerting has raised an event on one or more computers.

An anti-malware component failed on one or more computers. See the event descriptions on the individual computers for specific details.

One or more agent or relay failed to update anti-malware components. See the affected computers for more information.

The agent has reported that the anti-malware engine is not responding. Please check the system events for the computer to determine the cause of the failure.

The Anti-Malware module was unable to analyze or quarantine a file because the maximum disk space used to store identified files was reached. To change the maximum disk space for identified files setting, open the computer or policy editor and go to the Anti-malware > Advanced tab.

The agent on this computer has not received its initial anti-malware protection package, or its anti-malware protection is out of date. Make sure a relay is available and that the agent has been properly configured to communicate with it. To configure relays and other update options, go to Administration > System Settings > Updates.

The agent has reported that the Application Control engine failed to initialize. Please check the system events for the computer to determine the cause of the failure.

An application control ruleset could not be assigned to one or more computers because the ruleset is not supported by the installed version of the agent. Typically, the problem is that a hash-based ruleset (which is compatible only with agent version 11.0 or newer) has been assigned to an older agent. Agent version 10.x supports only file-based rulesets. (For details, see Differences in how 10.x and 11.x agents compare files.) To fix this issue, upgrade the agent to version 11.0 or newer. Alternatively, if you are using local rulesets, reset application control for the agent.

Server & Workload Protection has determined that a computer should be assigned an application type. This could be because an agent was installed on a new computer and vulnerable applications were detected, or because a new vulnerability has been discovered in an installed application that was previously thought to be safe. To assign the application type to the computer, open the 'Computer Details' dialog box, click on 'Intrusion Prevention Rules', and assign the application type.

Azure Cloud Account can't retrieve resources information from Azure API because the Azure Application is not authorized to read resources. Please verify that the Reader role has been assigned to the application.

Azure Cloud Account can't retrieve resources information from Azure API because the Azure Application password is invalid.

Azure Cloud Account can't retrieve resources information from Azure API because the Azure Application secret key has expired.

Azure Cloud Account can't retrieve resources information from Azure API because the Azure Application is not found. The application possibly has been removed from Microsoft Entra ID .

The Microsoft Entra ID application can not sync the cloud data now. Maybe the application password is expired or the application is deleted. Please renew the application via .

The key pair for Azure service(s) has expired. You can remove this alert by updating your key pair on the Azure service's property page.

The key pair for Azure service(s) will expire soon. You can remove this alert by updating your key pair on the Azure service's property page.

Azure Cloud Account can't retrieve resources information from Azure API because the Azure Subscription cannot be found.

Disconnected from Census, Good File Reputation, and Predictive Machine Learning Service. Please see the event details below for possible solutions.

A clock change has been detected on the computer. Unexpected clock changes may indicate a problem on the computer and should be investigated before the alert is dismissed.

An agent was activated on one or more computers belonging to a cloud account that is not synchronized with Server & Workload Protection . Click the link in the 'Action' field above to add the cloud account to Server & Workload Protection . The computer(s) will be moved into the account, and may be billed at a lower hourly rate.

A communications problem has been detected on the computer. Communications problems indicate that the computer cannot initiate communication with Server & Workload Protection because of network configuration or load reasons. Please check the system events in addition to verifying communications can be established to Server & Workload Protection from the computer. The cause of the issue should be investigated before the alert is dismissed.

The agent software upgrade was successful, but the computer must be rebooted for the install to be completed. The computer(s) should be manually updated before the alert is dismissed.

The Activity Monitoring on Agent has reported that the computer needs to be rebooted. Please check the system events for the computer to determine the reason for the reboot.

The anti-malware protection on the agent has reported that the computer needs to be rebooted. Please check the system events for the computer to determine the reason for the reboot.

The Application Control protection on Agent has reported that the computer needs to be rebooted. Please check the system events for the computer to determine the reason for the reboot.

The Integrity Monitoring protection on Agent has reported that the computer needs to be rebooted. Please check the system events for the computer to determine the reason for the reboot.

One or more computers are using a policy that defines multiple interface types where not all interfaces have been mapped.

A duplicate computer has been activated or imported. Please remove the duplicate computer and reactivate the original computer if necessary.

These computers have been assigned an empty relay group. Assign a different relay group to the computers or add relays to the empty relay group(s).

The agent encountered an unexpectedly high volume of events. As a result, one or more events were not recorded (suppressed) to prevent a potential denial of service. Check the firewall events to determine the cause of the suppression.

Some events were lost because the data file grew too large for the agent to store. This may have been caused by an unexpected increase in the number of events being generated, or the inability of the agent to send the data to Server & Workload Protection . For more information, see the properties of the "Events Truncated" system event on the computer.

Execution of software was blocked on one or more computers. See the Application Control Events on the following computers for more information.