MDR

Troubleshooting

Endpoint not submitting data to MDR

To resolve this issue, follow these steps:

  1. Check if the endpoint has internet access.

    • If there are connectivity issues, attempt to fix the problem and regain access to the internet.

    • If this is by design, and the endpoint is part of an internat network, set up a relay or a proxy so that that EDR traffic sent by BEST can reach the MDR ports specified in step 2.

  2. Test the connection to MDR ports:

    1. Go to command prompt.

    2. Type in the following command:

      For Europe:

      telnet ingestors-eu.bmdr.bitdefender.com 441
      

      For the US:

      telnet ingestors-us.bmdr.bitdefender.com 441

      Note

      If you are receiving the 'telnet' is not recognized as an internal or external command,operable program or batch file, follow the steps below and try the entry again:

      1. Go to Control Panel > Programs and Features.

      2. Select the Turn Windows features on or off option on the right side of the window.

      3. Enable Telnet Client.

      4. Select OK.

    If successful, the following will be returned:

    145684_1.png

    If the connection fails, make sure your firewall rules allow traffic through to that address and port.

  3. Go to the Network page, find the endpoint in question and click on it to view endpoint details.

  4. Go to the Protection tab.

  5. Under the Endpoint protection section, make sure that the latest version of BEST is installed on the endpoint.

  6. Under the Overview section, make sure the EDR module is on.

  7. Go to the Policy tab and open the applicable policy.

  8. Go to the Incidents Sensor page. If the service is disabled, you need to activate it.

  9. Go to the General page, and select Security Telemetry. If the service is enabled, you need to disable it.

  10. Click Save.

If the issue is still occurring at this point, use the support tool to gather logs on the endpoint experiencing issues.