For assets with the Kaspersky Endpoint Security for Windows in the Endpoint Detection and Response Agent (EDR Agent) configuration, the Warning and Critical statuses for protection and control components may be displayed incorrectly.
The assets have one of the following statuses:
Telemetry is being sent, protection is fully operational.
Telemetry is being sent. This status means that at least one of the following EPP application components on the asset is disabled or not installed (the status reflects the current asset state or the issues in last 72 hours):
These components affect the fullness of sent telemetry. If a component is disabled or missing, Kaspersky Managed Detection and Response does not send the telemetry events related to this component. The installed EPP application may not include all of the listed components.
This status is applicable for assets with Kaspersky Endpoint Security for Windows 11 or later, Kaspersky Endpoint Security for Linux 11.2 or later, Kaspersky Endpoint Security for Mac 11.2 or later, or Kaspersky Security for Virtualization Light Agent 5.2 or later installed. For assets with the Kaspersky Endpoint Security for Windows in the Endpoint Detection and Response Agent (EDR Agent) configuration, this status is not displayed.
This status means that at least one of the following EPP application components on the asset is disabled or not installed (the status reflects the current asset state or the issues in the last 72 hours):
If any of these components are disabled or missing, Kaspersky Managed Detection and Response stops sending telemetry from your assets. The installed EPP application may not include all of the listed components.
This status is applicable for assets with Kaspersky Endpoint Security for Windows 11 or later, Kaspersky Endpoint Security for Linux 11.2 or later, Kaspersky Endpoint Security for Mac 11.2 or later, or Kaspersky Security for Virtualization Light Agent 5.2 or later installed. For assets with the Kaspersky Endpoint Security for Windows in the Endpoint Detection and Response Agent (EDR Agent) configuration, this status is not displayed.
No telemetry for more than 7 days (default value). You can change the number of days of absence of telemetry, after which the Offline status is displayed for the asset, in the Settings section. The available range is 2–29 days.
If you see the Offline status for your assets:
Offline status is not applicable for VDI assets (temporary virtual machines).
No telemetry for more than 30 days for physical assets or for more than 24 hours for VDI assets (temporary virtual machines).
If you see the Absent status for your assets:
You can hide assets with the Absent status in the asset list, in the reports, and in the data received via the API interface.