Control Compliance Suite (CCS)

Agentless CCS Data Collection or CER (collection-evaluation-reporting) jobs return "Unknown" results from Windows assets when using Audit Policy checks. Running another job that does not have Audit Policy checks brings back correct information, only the of the Audit Policy checks show up as 'Unknown'.

No error message is displayed in the CCS console with the job run.

When CCS run checks agentless on a server, there are different ways that the CCS manager can get that information.  For some checks CCS can just use API calls, for some CCS just needs to look at values, etc, but some checks CCS installs a mini 'dissolving agent' to get the information, and once that information is gathered the 'dissolving agent' is removed from the sever.  If that agent is being blocked or hindered, that is why you are seeing 'Unknowns' for that check because that dissolving agent is not allowed to get the information so CCS returns 'Unknowns'.  For Audit Policy checks (as well as other checks) use the dissolving agent is used to collect the required information. 

Make sure that the CCS 'dissolving agent' is not being blocked by third party applications (i.e. Carbon Black, etc).  If the dissolving agent is being blocked and is not able to be installed, the checks will show up as 'Unknown' and no errors will show up in the CCS console.  The dissolving agent will need to be allowed access to be able to collected the required data for the checks.