Support Center

JumpCloud Agent Is Not Reporting

JumpCloud Agent 0.10.32  (JC Agent) may be erroneously flagged and quarantined by several anti-virus software programs, most notably Windows Defender.  Please note that the alerts are false-positives and there are no issues with the JC Agent.  

Unfortunately, once quarantined or flagged, these systems are not able to communicate to JumpCloud services. This may appear in your admin console as systems that are inactive or not reporting. These  JumpCloud managed system(s) may have already been flagged and may need intervention by Administrators. As a result, we are asking JumpCloud Administrators to inspect their Windows systems for this issue. 

To resolve the issue, you will need to remove the JC Agent from quarantine. In some cases, the quarantine can be removed by simply updating the virus definitions. In other cases, Administrators will have to intervene and manually clear the JC Agent from the quarantine.  ​
Restoration and whitelisting procedures varies by software vendor.  Please follow the restore/whitelisting process for the product you use.

Further information on whitelisting the JumpCloud agent

For Windows Defender:

Clearing the JC Agent from Windows Defender Quarantine via Windows Defender Application
Begin by confirming you have the latest Windows Defender definition.
If you do not,  please update your definitions.

Open Windows Security
Click Virus & Threat Protection 
Examine “Quarantined Items”
Look for “TROJAN:win32/Casdet!rfn”
IMPORTANT - click “details” and CONFIRM that the quarantined executable is:
  C:\program files (x86)\JumpCloud\jumpcloud-agent.exe
Click the agent,  then click Restore

After restoring from quarantine,  check to see if the JC Agent is present and running in the Services Console.  Allow up to 60 seconds for the system to begin reporting.

If you prefer to use COMMAND LINE: 

Please follow the steps below to clear cached detection and obtain the latest malware definitions.

1. Open command prompt as administrator and change directory to
 c:\Program Files\Windows Defender

2. Run “the following commands:
MpCmdRun.exe -removedefinitions -dynamicsignatures”
MpCmdRun.exe -restore -listall # List all things that can be restored
MpCmdRun.exe -restore -name "Trojan:Win32/Casdet!rfn" # Restores from quarantine

If the agent has been uninstalled or deleted from quarantine, it will need to be reinstalled.
Before reinstalling, confirm AV definitions are up-to-date.

Reinstalling the agent will cause the system to report in as a new system.  Administrators will need to reconfigure the system since group memberships, user bindings, etc will not have been retained.

If there are further issues or you need more assistance, please submit a support request.

Last Updated: Feb 13, 2019 01:48PM MST

Related Articles
seconds ago
a minute ago
minutes ago
an hour ago
hours ago
a day ago
days ago
Invalid characters found