Computers won't update their CIS config


I can install the agent and application fine onto the computers but some of them are refusing to update the CIS config.

The specified ports have been opened via a GPO but the computers just don’t take the settings.

Is there a way to do this on the machine, like you can with agent and application installs? This would save so much time. I’ve wasted hours trying to get some computers to take the settings.



The only reason I can think of off the top of my head for the endpoints not to accept a pushed config update is if they are not successfully connected to the CESM Console, showing up as Managed and “green”.

If they are Managed and showing up green (indicating an active connection), there may be a something you’re missing in building the Config file, the Task, and running the Task (either via schedule or manual).

The connection to the systems (ie, port access, etc) is not managed by GPO, but is a function of the CESM Agent, which communicates with the CESM Console.

Some earlier versions of CESM (and Agent), the service was not properly initializing on the endpoint and/or console server to allow proper communication. Stopping/restarting manually was the only way to effectively get that resolved. I experienced that and worked with the engineers to resolve the issue in versions since (that was 1.1, if I recall correctly).

Hope that helps,


Do you have any task result while applying CIS config to endpoint.
Also I think it is possible if endpoint computer is log off. In that case CIS cannot accept/apply config.

New CESM is available.

Try new version. Xcitium Endpoint Security Manager - enterprisexcitium