Resolving Check Issues

Users
Home / Users / Resolving Check Issues

Resolving Check Issues

What are Checks?

Checks are little bits of code, like a script, that check that data collected about your device matches an expected value. For example, a Check might test your Chrome browser’s version is greater than or equal to a set version number. Checks run when you authenticate and on a set schedule.

Your organization chooses which checks to run and what happens when your device fails. Generally, this configuration corresponds directly with security requirements your organization is legally or contractually obligated to meet. Checks are highly customizable; your organization can even write their own Checks.

What are Check Issues?

Check failures are called Issues. When Kolide tells you about an Issue, it means your organization wants you to take action on your device to resolve a problem. Your organization can configure how Kolide behaves when your device has an Issue. This setting is called a Remediation Strategy and it determines the Issue’s status.

What is Issue Status?

Issue Status is a name for the behavior an Issue will cause when you try to log into a protected resource.

Notify Only

Notify Only status has no enforcement consequences when you are authenticating. However, it is still an Issue and you should still fix it!

Notify Only status in your browser authentication flow

The Kolide Menu Bar App will display a blue dot when an issue has Notify Only status

Will Block

Will Block status, also called Warn Then Block, gives you a grace period to fix the Issue before enforcing consequences.

If you fail to fix the Issue before the deadline, the Issue Status will transition to Blocked and your device will be blocked from authenticating.

Will Block status in your browser authentication flow

The Kolide Menu Bar App will display a yellow warning badge when the Issue status is Will Block

Blocked

Blocked status means your device cannot be used to authenticate into protected resources until the Issue is fixed.

Check Issues will start in Blocked status when the Issue indicates a critical problem with your device. This is generally a rare behaviour, but your organization decides which Issues are critical based on their security requirements.

Usually, your device will be Blocked when you have failed to fix an issue during the grace period of Will Block.

Blocked status in your browser authentication flow

The Kolide Menu Bar App will display a red “x” when an Issue has the Blocked status.

How do I resolve Issues?

Looking for Mobile instructions?
Head to Users - Mobile App - How to fix Issues

Fix the Issue

The best and most permanent way to resolve an Issue is to fix it. Every Issue has Fix Instructions that you can follow. Fix Instructions are initially written by Kolide, but can be edited or replaced by your organization.

You can view the Fix Instructions for an Issue by clicking its name in the Menu Bar app dropdown, or by clicking the Fix Issue button in the list of issues during browser authentication.

Snoozing a Blocking Issue

If your organization allows, you can snooze the Blocked status of an Issue temporarily. Snoozing extends the time before a Check will block a device by an additional 8 hours.

The goal of snoozing is to make sure a Blocked status does not prevent you from doing your job in the case of an emergency or urgent situation.

It is not intended to delay fixing issues. For this reason, a Check can only be snoozed at most once a week.

If your organization allows snoozing for the issue blocking authentication, a button will appear in the web authentication flow.

You can also access the Snooze feature by clicking on a failing Check in the Menu Bar app and choosing Snooze Blocking… from the Other Options… menu.

Requesting an Exemption

If you believe a Check does not apply to your device or that your role requires a device configuration that causes Check Issues, you may request a permanent exemption.

Exemptions are not intended for Issues you need more time to solve; they permanently exempt your device from that Check.

To request an exemption:

  1. Navigate to the Fix Instructions page for that Issue. You can click on the Check in the Menu Bar app, or click the “Fix Issue” button next to the Issue in the web authentication flow.

  2. On the Check details page, select Other options… and then Exemption Request.

  3. In the modal that appears, write a detailed message that an administrator can use as context for their review. If this Check has multiple open Issues, use the checkboxes to select only the relevant Issues for this exemption request. Click Submit to Admin.

  4. Once submitted, you will receive a confirmation email. Your Kolide administrators will receive an email.

Once an administrator approves or denies your request, you will receive a follow-up email notification informing you about their decision.

Withdrawing your Exemption Request

If you need to withdraw your request, follow these steps:

  1. On the Check details page, locate an Issue associated with the exemption request and click Exemption Requested.

  2. In the modal that appears, click Withdraw Exemption Request.