search cancel

What is the difference between "Shutdown" and "Disable" Agent Tasks in the Agent List in the Enforce console?

book

Article ID: 175137

calendar_today

Updated On:

Products

Data Loss Prevention Endpoint Prevent Data Loss Prevention Enforce Data Loss Prevention Endpoint Discover

Issue/Introduction

It is unclear at first what is the difference between the agent tasks to "Shutdown" and "Disable" the Endpoint Agent from the console. See below:

The 15.0 and Newer Admin Guides mention briefly what they do: 


 

Resolution

The main difference between the two agent tasks is that "Shutdown" is a temporary method to disable the agent where as disable is a more permanent method for troubleshooting.

"Shutdown" is effectively the same as the shutdown tool provided in the agent tools that stops the agent services and they will be brought back up on restart of the machine, using the SC command, or restarting the EDPA/WDP services. 

"Disable" will stay until Enforce Admin changes back via "Enable". The Task stops all components of the endpoint agent involved with detection and only leave communication components; i.e., no monitoring will take place and thus no incidents. This allows for troubleshooting of issues without DLP to take place easily on one agent without making drastic changes to the Agent Configuration. 
NOTE: No Policy updates will be received during this time until the agent is Enabled again. 

For more information see DLP Endpoint Agent Status Troubleshooting for more information about Agent Status. 

 

Attachments