Endpoint Security Troubleshooting

This workshop introduces a framework for troubleshooting the FireEye Endpoint Security (HX) appliance and Endpoint Security Agent installations. The course includes checklists, case studies and guidance for transitioning difficult cases to the FireEye support team. Optional modules expand this workshop to include FireEye core hardware and virtual appliances

This workshop is experimental hands-on and will give learners experience resolving common issues.

Learning Objectives

After completing this course, learners should be able to:

  • Resolve issues commonly encountered with Endpoint Security Agent whitelisting
  • Validate endpoints to ensure that they are performing as expected
  • Use Endpoint Security logs and diagnostics for troubleshooting
  • Explore common issues across core installations
  • Understand common issues with hardware and virtual appliances

Who Should Attend

FireEye Endpoint Security appliance administrators who must regularly resolve FireEye Endpoint Security issues.


Completion of the Endpoint Security Deployment course. Experience with network administration and support.


1 day

Instructor-Led Training Instructor-Led Training

Courses cannot be purchased or accessed from this site.

If you would like to register for this course, please contact your FireEye account manager.

Thank you.

Course Outline

Instructor-led sessions are typically a blend of lecture and hands-on lab activities.

  1. Deployment
    • Checking hardware deployment
    • Endpoint Security Agent compatibility and installation
  2. Common Troubleshooting Issues
    • Troubleshooting process
    • Basic Troubleshooting
    • Best Practice
    • Common Issues
      • Licensing
      • Admin
      • Operation
      • Notifications
      • Boot
      • Performance
      • Upgrade
  3. Hardware Troubleshooting
    • Troubleshooting PSU and HDD issues
    • Universal LED
  4. Virtual Endpoint Security Deployment
    • Troubleshooting Installation
    • Licensing and setup
    • Creating effective memory map I/O settings
  5. Logs
    • Obtaining logs and configure files
    • Searching and understanding logs
    • Creating endpoint diagnostics
    • Challenge Lab
  6. Connectivity
    • Agent connectivity and validation
    • Determine communication failures
  7. Whitelisting
    • Whitelisting known files
    • Whitelisting in 3rd party programs
    • Validate a whitelist
  8. Performance
    • General performance settings
    • Understanding and editing polling
    • Event Storage I/O
    • Modifying a single endpoint configuration for evaluation
  9. Transition
    • Transition a case to FireEye Customer Support
    • Using the FireEye Customer Portal