"Ingress" agent deleted from Maximum PCs

amcysoc786 Lv1Posted 02 Oct 2023 16:55

Today i am facing an issue in which Ingress client is deleted from my maximum PCs.  I have checked all the logs of Active Directory and Event Viewer but didn't found any artifacts.  
1. Is sangfor IAG has capability to delete an agent unintentionally?
2. What are events ID created during installation/ deletion of agent from systems?

By solving this question, you may help 549 user(s).

Posting a reply earns you 2 coins. An accepted reply earns you 20 coins and another 10 coins for replying within 10 minutes. (Expired) What is Coin?

Enter your mobile phone number and company name for better service. Go

VinothG Lv1Posted 22 Nov 2023 23:29
  
Capability to Delete Agent Unintentionally:
Sangfor IAG or any other similar security solutions typically do not have built-in capabilities to delete agents or Ingress clients unintentionally. These solutions are designed to provide secure access and protection, and actions such as deleting agents are usually carried out by administrators intentionally. Unintended deletions may be caused by various factors, including human error or security incidents, but it would be unusual for a security solution to autonomously delete agents without explicit instructions.

Events IDs for Installation/Deletion:
The specific event IDs generated during the installation or deletion of agents can vary depending on the operating system and the logging configuration. In a Windows environment, you can check the Event Viewer for relevant logs. Common event logs include:

Application Log: Look for events related to the installation or uninstallation of applications.
Security Log: Check for events related to changes in security settings or permissions.
The actual event IDs can vary based on the software and operating system version. For example, in the Security Log, you might find event IDs related to changes in user rights, group memberships, or system configurations.

To find events related to specific activities, you may need to look for patterns or keywords associated with the Sangfor IAG installation or agent deletion. It's also possible that the Sangfor IAG solution logs its own events locally or in a central management console.

For accurate and detailed information, refer to Sangfor IAG documentation or contact Sangfor support. They should be able to provide guidance on where to find relevant logs and what event IDs to look for in your specific environment.
MTR Lv2Posted 15 Oct 2023 20:22
  
ChatGPT
It seems like you're dealing with a specific issue related to Sangfor IAG (Internet Access Gateway) and its agent being unintentionally deleted from PCs. Let's address your questions:

Is Sangfor IAG capable of deleting an agent unintentionally?

As of my last knowledge update in September 2021, Sangfor IAG is a network security solution designed to provide secure access to applications and resources. It doesn't have a built-in feature to delete agents from PCs. However, software behavior can change with updates, so it's possible that there may have been changes after my last update.

To get the most accurate and up-to-date information, I recommend consulting Sangfor's official documentation or contacting Sangfor support directly.

What are the event IDs created during installation/deletion of agent from systems?

The event IDs generated during the installation or deletion of agents would typically be specific to the operating system, and they wouldn't be directly related to Sangfor IAG.

In Windows, for example, installation and removal of software may generate various event IDs in the Event Viewer, under different event logs like "Application" or "System". These IDs can vary depending on the specific software, installation method, and the operating system version.

If Sangfor IAG has specific logging or auditing features, you would need to consult Sangfor's documentation or support resources for information on the relevant event IDs.

For troubleshooting specific issues with Sangfor IAG, it's best to refer to Sangfor's official documentation or reach out to their support team. They will have the most accurate and detailed information regarding the behavior of their software.
MISMIS Lv3Posted 12 Oct 2023 14:57
  
Verify that the agent is not configured for automatic removal by reviewing the Sangfor IAG settings.
Search for the provided Event IDs in the Event Viewer on the affected PCs. These Event IDs will help identify when an agent was installed or uninstalled.
Communicate with the impacted users to determine if they manually uninstalled the agent.
Adonis001 Lv3Posted 12 Oct 2023 14:55
  
A network security system called Sangfor IAG (Internet Access Gateway) offers functions including secure remote access, web filtering, and application control. Typically, it lacks an inherent capacity to independently remove agents or software from remote systems.
isabelita Lv3Posted 12 Oct 2023 14:55
  
1. An agent cannot be inadvertently deleted by Sangfor IAG.
2. Common event IDs are generated by the Windows Event Viewer for program installation and removal:
- Event ID 11707: Produced upon installation success.
- Event ID 11724: Produced when a removal was successful.
NeTSec Lv3Posted 12 Oct 2023 14:51
  
To ensure that the agent is not set up to be automatically removed, check the Sangfor IAG configuration.
Look for the Event IDs given above in the Event Viewer on the impacted PCs. These Event IDs can be used to determine when an agent was installed or uninstalled.
To discover if the affected users removed the agent on their own, check with them.
Naomi Posted 12 Oct 2023 14:50
  
An inadvertent agent deletion is not supported by Sangfor IAG (Internet Access Gateway). Typically, deleting an agent calls for particular user or administrative activities.
Jonas Great Lv2Posted 12 Oct 2023 12:54
  
   Event ID 11707: This is typically logged when software is installed.
             Event ID 11724: This can be logged when software is removed.
jesspastor Lv2Posted 12 Oct 2023 12:53
  
Installation: Event ID 11707 (Installation initiated)
Deletion: Event ID 11724 (Removal initiated)
Hector Ignacio Lv2Posted 12 Oct 2023 12:52
  
Depending on the Windows operating system version and the individual program installation technique (e.g., MSI installer, script), event IDs relating to software installation or removal might change.

In the Windows Event Viewer, typical Event IDs for program installation and removal can be:

When software is installed, the event ID 11707 is normally logged.
Event ID 11724: When software is uninstalled, this might be recorded.

It is important to keep in mind that these event IDs are connected to Windows Installer operations. Depending on the software deployment technique used as well as other variables, different event IDs may apply.
You should check the event logs on the impacted systems for pertinent event IDs, error messages, or other signs of software removal in order to look into the removal of agents from your PCs. Additionally,

I Can Help:

Change

Moderator on This Board

1
3
5

Started Topics

Followers

Follow

Board Leaders