DescriptionA host marked for Delayed Remediation is marked "At-Risk" and moved to Remediation before the Delayed Remediation timer has run out.
SolutionIf the host no longer matches the original Endpoint Compliance Policy, and matches some other policy, then a different scan may run.
To verify if multiple scans have been run, do the following:
- Navigate to Hosts > Host View and search for the affected host record.
- Right click on the host record select Host Health.
- Once the extra scan has been identified check History to see when the scan was last run.
- Review the scan configuration under Policy > Policy Configuration to verify if the setting for Remediation. If set to "On Failure", then the host would be marked At-Risk immediately (regardless if the Delayed Remediation timer had not run out for the other scan).
- Review User/Host Profiles for the appropriate Endpoint Compliance policy and investigate why the host may have no longer matched.