Top Benefits of Faronics Anti-Executable Enterprise for Corporate Security

Troubleshooting Common Issues in Faronics Anti-Executable EnterpriseFaronics Anti-Executable Enterprise (FAE) is a powerful application control solution that prevents unauthorized or unknown executables from running, protecting endpoints from malware, ransomware, and unwanted software. Despite its robust design, administrators can encounter issues during deployment, policy management, or day-to-day operation. This article walks through the most common problems, root causes, and step-by-step troubleshooting methods to restore proper operation quickly and securely.

---

1. Agents not reporting to the console

Symptoms:

• Endpoints show as offline or stale in the Management Console.
• No recent heartbeat or event logs from specific agents.

Common causes:

• Network connectivity issues (firewall, proxy, DNS).
• Incorrect server address or port configured on agents.
• Time synchronization mismatch between agents and server.
• Agent service stopped or crashed on the endpoint.

Troubleshooting steps:

1. Verify network connectivity:
   • Ping the FAE Management Server from the endpoint.
   • Confirm DNS resolves the server hostname.
   • Test TCP connectivity to the management port (default port depends on your deployment; check your network configuration).
2. Check agent service:
   • On Windows, open Services and ensure the Faronics Anti-Executable service (or related Faronics Agent service) is running. Restart it if needed.
   • Review Windows Event Viewer Application/System logs for service errors.
3. Validate agent configuration:
   • Open the agent’s local settings and confirm the configured Management Server address and port match the console.
4. Inspect firewalls and proxies:
   • Ensure corporate firewalls allow outbound/inbound traffic on the configured ports.
   • If a proxy is used, verify agent supports and is configured for it.
5. Confirm time sync:
   • Ensure both server and endpoints use NTP or domain time; large clock skew can break authentication or communication.
6. Reinstall or repair agent:
   • If other checks fail, run a repair install or reinstall the agent. Backup any local policy changes first.

---

2. Policies not applying or updates not propagating

Symptoms:

• New or modified policies in the console aren’t reflected on endpoints.
• Executables allowed/blocked on console still run or are blocked on client machines differently.

Common causes:

• Agent not checking in (see previous section).
• Policy distribution errors or permission issues on the management server.
• Cached policies or local overrides on the endpoint.
• Group/targeting misconfiguration (policy not assigned to the right group).

Troubleshooting steps:

1. Confirm agent connection and check-in time.
2. Verify policy assignment:
   • Ensure the correct policy is assigned to the device or device group.
   • Check inheritance and overrides in group hierarchy.
3. Force a policy update:
   • Use the console’s “push” or “refresh” option to push policies immediately.
   • On the endpoint, trigger an agent check-in or restart the service to force retrieval.
4. Review policy distribution logs:
   • On the management server, check distribution and synchronization logs for errors.
   • Look for permission or file access errors in the server logs.
5. Clear local cache/overrides:
   • Check whether local administrators have created exceptions; remove them or enforce policy.
   • If the client stores a local cache, clear it per Faronics guidance and re-pull policies.
6. Confirm licensing:
   • Ensure your licenses cover all targeted endpoints; some products limit policy application when license limits are exceeded.

---

3. Legitimate applications blocked unexpectedly

Symptoms:

• Authorized business applications fail to launch after Anti-Executable is deployed or after policy changes.
• Users report loss of functionality for permitted software.

Common causes:

• Whitelisting incomplete: missing file hash, path, or publisher rules.
• Application updates changed executable hashes.
• Application spawns helper/external processes that aren’t whitelisted.
• Path-based rules conflicting with more restrictive rules.

Troubleshooting steps:

1. Identify the blocked executable:
   • Check the client logs or console event logs to get the exact filename, path, and hash.
2. Create appropriate allow rule:
   • For signed software, create a publisher rule (certificate-based allow) rather than hash-based rules that break on updates.
   • For frequently updated apps, use path + publisher or directory rules instead of single-file hashes.
3. Whitelist child processes:
   • Check whether the main app launches helpers (updaters, installers, service processes). Add rules for those as needed.
4. Use temporary exception for urgent fixes:
   • Add a temporary local exception to restore business continuity while crafting a permanent policy.
5. Monitor and refine rules:
   • After allowing, monitor for any security alerts. Prefer least-privilege allows (specific publisher + path) over broad allows (entire directories).
6. Communicate with application owners:
   • Coordinate with software vendors or internal devs to sign binaries or provide stable update mechanisms.

---

4. Performance or high CPU/memory on endpoints

Symptoms:

• Noticeable system slowdown after FAE agent installation.
• High CPU or memory usage attributed to Anti-Executable processes.

Common causes:

• Scans or policy evaluations running frequently or on large numbers of files.
• Conflicts with other security agents (AV, EDR) causing repeated scanning.
• Corrupted agent install or log files growing large.
• Older hardware performance limits.

Troubleshooting steps:

1. Identify process using resources:
   • Use Task Manager or Resource Monitor to find Faronics-related processes consuming CPU or memory.
2. Check scan schedules and policy settings:
   • Adjust scanning frequency or exclusions to reduce load.
3. Coordinate with other security products:
   • Ensure exclusions/synchronization between FAE and antivirus/EDR to avoid duplicated scanning.
4. Repair or reinstall agent:
   • Corrupted installs can leak resources. Repair or reinstall the agent.
5. Clean up logs:
   • Rotate or clear oversized log files per vendor guidance.
6. Consider hardware limits:
   • On legacy machines, evaluate whether endpoint performance meets minimum requirements; if not, consider lighter agents or hardware upgrades.

---

5. Licensing and activation issues

Symptoms:

• Console reports license expired or insufficient.
• New endpoints fail to enroll due to license errors.

Common causes:

• License keys not imported correctly into Management Console.
• License count exceeded.
• Communication issue preventing validation with Faronics licensing servers (if cloud validation used).

Troubleshooting steps:

1. Verify license in console:
   • Open License Manager and confirm keys, counts, and expiration.
2. Re-import or re-activate keys:
   • Remove and re-enter license keys if they appear corrupted.
3. Check license usage:
   • Confirm number of protected endpoints does not exceed purchased seats.
4. Validate connectivity for activation:
   • If online activation is required, ensure the server can reach licensing endpoints or follow offline activation process if provided.
5. Contact Faronics support:
   • If license state looks incorrect, Faronics support can validate and adjust counts.

---

6. Console performance or web UI errors

Symptoms:

• Management Console pages load slowly, time out, or show errors.
• Backup/sync tasks failing.

Common causes:

• Database growth or fragmentation.
• IIS (if used) or web services misconfiguration.
• Insufficient server resources.
• Corrupted console cache or files.

Troubleshooting steps:

1. Check server health:
   • Monitor CPU, memory, disk I/O, and free disk space.
2. Inspect database:
   • Backup and compact/maintain the management database. Follow Faronics’ DB maintenance guidance.
3. Review web server logs:
   • Check IIS or web service logs for timeouts, error codes, or exceptions.
4. Restart services:
   • Restart the management console services and IIS application pool carefully during a maintenance window.
5. Restore from backup:
   • If corruption suspected, restore console components from a known-good backup after consulting support.

---

7. Logs show missing or cryptic error codes

Symptoms:

• Error messages with codes that are not obvious.
• Logs don’t provide clear guidance.

Troubleshooting steps:

1. Correlate timestamps:
   • Match client and server logs at the same time to trace the sequence of events.
2. Increase logging level temporarily:
   • Turn on debug or verbose logging on agent and console (only for limited time) to capture more context.
3. Search vendor knowledge base:
   • Use Faronics documentation or KB for error code lookup.
4. Collect logs for support:
   • Gather client logs, server logs, and screenshots; include system information and timestamps before contacting Faronics support.

---

8. Windows update or OS upgrade incompatibilities

Symptoms:

• After OS patching or version upgrade, FAE agents fail or block new OS components.
• Unexpected reboots or blocked system services.

Common causes:

• Agent incompatible with new OS build.
• Updated system files not whitelisted.
• Services not auto-updating during OS changes.

Troubleshooting steps:

1. Verify compatibility:
   • Check Faronics release notes and compatibility matrix for your OS build.
2. Update Faronics components:
   • Install vendor-recommended agent and console updates before large OS migrations.
3. Whitelist new system components:
   • If legitimate OS executables are blocked, add appropriate allow rules (prefer publisher-based allows).
4. Test in staging:
   • Validate upgrades on a test group before wide roll-out.

---

9. Conflicts with software deployment tools

Symptoms:

• Deployments via SCCM, Intune, or other tools fail because Anti-Executable blocks installers or scripts.
• Mass rollouts interrupted.

Common causes:

• Installer binaries not whitelisted.
• Script hosts or package managers blocked.
• Deployment tool processes spawn temporary executables not permitted.

Troubleshooting steps:

1. Identify deployment process components:
   • List executables and scripts used by the deployment tool.
2. Create temporary deployment policy:
   • Allow the deployment tool’s signing publisher, path, or specific processes during rollout.
3. Use maintenance windows:
   • Schedule installations during windows when you can safely relax policies.
4. Revoke temporary exceptions afterward:
   • Remove broad allows after deployment to maintain security posture.

---

10. Best practices to prevent recurring issues

• Maintain up-to-date documentation of allowed publishers, paths, and exceptions.
• Use publisher/certificate-based rules when possible to tolerate application updates.
• Test policy changes in a controlled staging group before enterprise rollout.
• Keep agents, console, and server OS patched to vendor-supported versions.
• Monitor logs and set alerts for unusual policy violations or agent check-in failures.
• Coordinate with other endpoint security tools to create complementary exclusion lists.
• Regularly review license usage and renewals to avoid unexpected expirations.

---

When to contact Faronics support

Contact Faronics support when:

• You have reproducible errors after following troubleshooting steps.
• You encounter data corruption in the management database.
• Licensing state appears incorrect after re-validation.
• You need vendor-specific patches or hotfixes for compatibility issues.

Gather this before contacting support:

• Exact product version numbers (console and agent).
• Recent logs (client and server) and timestamps.
• Configuration snapshots (relevant policy definitions and assignments).
• Steps to reproduce the issue.

---

This guide covers the most common operational problems administrators face with Faronics Anti-Executable Enterprise and provides concrete steps to resolve them. For environment-specific or persistent issues, collect detailed logs and escalate to Faronics with versions and repro steps.