Troubleshooting miscellaneous issues related to Portnox Cloud risk assessment

In this topic, you will find troubleshooting information for common issues related to Portnox Cloud risk assessment.

How does Portnox Cloud check and report risk assessment policy attributes?

AgentP monitors the attributes defined in the risk assessment policy. Most attributes do not follow a fixed schedule. Changes are detected immediately when they occur, such as process, service, or antivirus changes. Some attributes, like registry keys, are checked approximately once every hour.

There is no specific order for attribute checks. The overall risk score is calculated from all attributes as soon as the data is available. Devices are blocked immediately when the risk exceeds the defined threshold.

If you have software that monitors local account login attempts, and use Portnox Cloud with AgentP and risk assessment policies, you may notice that machines with AgentP get locked out because of an excessive number of local account login attempts or because of password quality problems. This behavior was observed, for example, with Defense Storm software. What is causing these lockouts?

There is a risk assessment policy option in Portnox Cloud to test local account password quality. To access it, go to: Policies > selected_policy > Edit > Agent-based (AgentP) > Windows > Log-in and accounts. Then, see if the option Each user account on the device has a non-blank, strong password is activated.

If this option is activated, AgentP will make many attempts to log in to the local user account using well-known weak passwords. To avoid this problem, turn this option off or adjust your alarm limits in your third-party security software. There is no workaround, because to test for weak passwords, AgentP must make many such attempts.