Rishabh, you need to figure out what is causing long evaluation -
- Select some of the endpoints which are showing evaluating & right click --> view as group (it will create ad-hoc group)
- Check their action history & find out which action is still running on them.
- You can also look into their client logging
- Restart the BESClient service
- Open case with HCL for further investigation
You can also query client db to check if there is any open/running action still there, using below client relevance query -
Q: if ((column 0 of it as string != "0") OF (row of statement "select COUNT(ActionName) from ACTION_HISTORY WHERE strftime('%25s', 'now')" of sqlite databases of files "ActionHistory.db" of folders "__Global" of data folders of clients)) then ((column 0 of it,column 1 of it, column 2 of it, preceding text of first ":" of following text of first ":s=" of (it as string) as string) of (rows of statements "SELECT datetime(IssuedTime, 'unixepoch', 'localtime'), IssuerName, ActionName, State FROM ACTION_HISTORY INNER JOIN ACTION_STATE_HISTORY ON ACTION_HISTORY.ActionId = ACTION_STATE_HISTORY.ActionID WHERE strftime('%25s', 'now')" of sqlite databases of files "ActionHistory.db" of folders "__Global" of data folders of clients) as string) else "No Actions"
A: 2023-04-23 21:12:41, BFXAdmin, Uninstall Flash Player For Windows, Executed
A: 2023-04-23 21:13:54, BFXAdmin, 5019178: Update for Windows 11 Version 22H2 - Windows 11 - KB5019178 (x64), Executed
A: 2023-04-23 21:13:43, BFXAdmin, 5003279: SQL Server 2016 Service Pack 3 Available (x64), Executed
A: 2023-04-23 22:02:36, BFXAdmin, Multiple Action Group - MS11-025: Vulnerability in Microsoft Foundation Class (MFC) Library Could Allow Remote Code Execution - Microsoft Visual C++ 2008 SP1 Redistributable Package (v2, re-released 6-14-2011), Executed
A: 2023-04-23 22:02:36, BFXAdmin, Multiple Action Group - MS11-025: Vulnerability in Microsoft Foundation Class (MFC) Library Could Allow Remote Code Execution - Microsoft Visual C++ 2008 SP1 Redistributable Package (x64) (v2, re-released 6-14-2011), Executed
A: 2023-04-23 22:02:36, BFXAdmin, Multiple Action Group - MS11-025: Vulnerability in Microsoft Foundation Class (MFC) Library Could Allow Remote Code Execution - Microsoft Visual C++ 2010 Redistributable Package SP1 (x64), Executed
A: 2023-04-23 22:02:57, BFXAdmin, MS23-FEB: Security Update for SQL Server 2016 SP3 CU - SQL Server 2016 SP3 - KB5021128 (x64), Executed
A: 2023-04-23 22:02:47, BFXAdmin, MS23-FEB: Security Update for SQL Server 2016 SP3 GDR - SQL Server 2016 SP3 - KB5021129 (x64), Executed
A: 2023-04-23 22:06:31, BFXAdmin, Multiple Action Group - Update: KeePass v2.53.1 - Windows (x64), Executed
A: 2023-04-23 22:06:31, BFXAdmin, Multiple Action Group - Update: Azure Data Studio v1.42.0 - Windows (x64), Executed
A: 2023-04-23 22:06:31, BFXAdmin, Multiple Action Group - Update: TeamViewer v15.40.8 - Windows (x64), Executed
A: 2023-04-23 22:06:31, BFXAdmin, Multiple Action Group - Update: VLC v3.0.18 - Windows (x64), Executed
A: 2023-04-23 22:06:31, BFXAdmin, Multiple Action Group - Update: WinRAR v6.21.0 - Windows (x64), Executed
A: 2023-04-23 22:06:13, BFXAdmin, Multiple Action Group - Notepad++ 8.5.2 Available, Executed
A: 2023-04-23 22:06:13, BFXAdmin, Multiple Action Group - .NET Runtime (x64) 3.1.32 Available, Executed
A: 2023-04-24 12:09:57, BFXAdmin, OpenSSL 3.0.0 - 3.0.6 Detection - YARA Scan - Windows x64, Executed
A: 2023-04-23 22:02:36, BFXAdmin, Multiple Action Group, Executed
A: 2023-04-23 22:06:31, BFXAdmin, Multiple Action Group, Failed
A: 2023-04-23 22:06:13, BFXAdmin, Multiple Action Group, Failed
A: 2023-05-05 13:17:31, BFXAdmin, Custom Action, Executed
**A: 2023-05-05 13:18:24, BFXAdmin, Custom Action, Running**
T: 3.109 ms