A user created a PowerShell script to check if a machine is running MS Defender Endpoint in EDR Block Mode and asked about setting up a trigger for alerts. Another user suggested using event log entries to trigger actions, citing a thread discussing it on the ControlUp Community Slack. The original script is provided in the discussion for reference and the user updates it to address false positive reports. The final version of the script is tested and confirmed to work.
Read the entire article here...
Logs Related Training & Support Archives
Logs training and support-related archives from inside the ControlUp Community on Slack.
Configuring ControlUp to Send Logs to On-Prem QRadar using API
A user asked about configuring ControlUp to send logs to an on-prem QRadar using an API. Another user provided the API endpoint and praised ControlUp's developers. The API endpoint can be found at https://api.controlup.io/reference/orgauditlogpubliccontroller_getall
Read the entire article here...
Bug with User Input Delay on Win 11 23h2 to 24h2 Upgrade
Multiple users reported a bug with user input delay when upgrading from Win 11 23h2 to 24h2, with over 25 devices affected. One person suggested rebuilding perfmon counts may solve the issue. The ControlUp team will investigate on Monday as users have already left the office.
Read the entire article here...
Troubleshooting: Error when adding CVAD EUC environment to ControlUp Console.
A user was experiencing an error when trying to add a CVAD EUC environment in the ControlUp console. Despite trying different connection methods and troubleshooting, the issue was not resolved. After updating to ControlUp Console 9.1.0.654, the problem was resolved. It was suggested to check for specific console builds or update to version 9.1 as a solution. The user updates to the newest version and the issue is fixed.
Read the entire article here...
Setting Up Alerts for SQL Always On Availability Group Failovers
A user asked for help with setting up an alert for a customer's SQL Always On Availability Group. Suggestions were made to use a PowerShell script or a scheduled trigger using the Edge DX agent. It was eventually resolved with the use of a PowerShell script that runs every 5 minutes and checks event logs for specific event IDs. No incidents are generated due to the potential scale of scheduled triggers.
Read the entire article here...
Implementation of ControlUp monitoring for specific failed events
A user is looking to use CU to monitor their CA server for specific failed events, and wants to know if the trigger will work for each event. The trigger will only work for Warning or Error events, and one way to test it is by using a PowerShell script to generate a similar event on a machine with the CU agent installed. The script to create a test event is also provided. The event source must be created first if it does not already exist.
Read the entire article here...
BSOD Events in ControlUp and How to Investigate Them
A user asked about BSOD events in ControlUp and shared that they have around 700 devices and 3-5 BSOD events per day. Another user suggested using the BSOD analysis script from the library to get more detailed information. After looking into the reported BSOD event, it was unclear if it was an actual BSOD or just a minidump. The user wanted this issue resolved and was willing to provide any necessary information. The power events tab in ControlUp can be checked to see if a machine rebooted during a reported BSOD event. The user was unsure if the machine had automatically rebooted when the user was not at their device.
Read the entire article here...
How to Troubleshoot ControlUp Monitor Script Actions Not Firing
A user encountered an issue with script actions not firing as expected on a ControlUp Monitor. This led to a discussion on potential solutions and troubleshooting steps, including checking the script location and examining monitor logs. The user ultimately decided to look into the issue further when they have access to the customer environment. Troubleshooting steps and suggestions were provided by other members in the Slack discussion.
Read the entire article here...
Real-time Monitoring for Registry Changes on ControlUp VDAs
A user asked for a way to monitor a registry key or value on a VDA and trigger an action (script) to run if the value changes or is null. Another member suggested using ETW to track registry changes or creating a scheduled task that runs every X seconds to check the key with PowerShell. Real-time monitoring is desired in order to prevent necessary audit trails from being lost.
Read the entire article here...
Gathering logs through ControlUp Academy and PowerShell scripts
A discussion took place about using ControlUp Academy to gather logs via PowerShell scripts. Hosting a CDN in Azure was suggested as a solution. However, another user suggested creating a function instead that would prompt for the log location and then download it as a .txt or .log file. This would be helpful in situations where users don't have time to provide logs or are VIPs. The idea was also brought up to consolidate all log-related ideas into one to put pressure on product management. There was also a question about whether input can be prompted in EdgeDX or ControlUp for Desktops.
Read the entire article here...