Troubleshooting

Double-check your email and password. If you've forgotten your password, use the "Forgot password" link on the sign-in page to reset it. If your organization uses SSO, make sure you are using the SSO sign-in option instead of email/password. If the problem persists, contact your organization administrator to verify your account status.

If SSO is misconfigured and you cannot sign in, contact your organization administrator. Administrators can disable SSO from the Settings page using their existing session. If no administrator can access the portal, contact our support team for assistance with account recovery.

Sessions expire after a period of inactivity. The default idle timeout is 30 minutes. Organization administrators can adjust the session timeout in Settings. If you are being signed out more frequently than expected, check if your browser is clearing cookies or if a browser extension is interfering.

Administrative pages (team management, settings, audit log) require the Admin or Owner role. If you need access, ask your organization's Owner to update your role from the Users page. Only Owners can promote users to Admin.

Team invitations grant immediate access to the organization once the invited user creates an account. The invitation link takes the user to the sign-up page. If the link appears broken, ask your administrator to resend the invitation. Invitations do not expire, but each email address can only have one active invitation at a time.

Two-factor authentication is managed by your identity provider when SSO is enabled. If you are having trouble with 2FA codes, contact your identity provider's support or your organization's IT administrator. For accounts not using SSO, password reset will guide you through re-enrolling in 2FA if needed.

Most analyses complete within 60 seconds. Large or complex files (archives with many inner files, large executables) may take up to several minutes. If an analysis has been pending for more than 10 minutes, try re-analyzing the file. If the issue persists, the file format may be causing a processing issue. contact support with the file hash.

Trust scores are computed from multiple weighted signals including threat detection results, code signatures, software category, vendor reputation, and metadata quality. If a score seems unexpected, check the score breakdown on the report page for details on each contributing factor. Adding your own threat intelligence keys in Settings can provide richer detection data and more accurate scoring.

A rejected file means the file type is not supported for analysis. Check the supported file types on our file types page. The platform supports over 200 file types. If you believe the file type should be supported, the file extension may not match the actual file content. try renaming with the correct extension.

After requesting a re-analysis, allow up to 60 seconds for the new results to appear. The report page will refresh automatically. If results still show the old data, try a hard refresh in your browser (Ctrl+Shift+R or Cmd+Shift+R). Re-analysis counts toward your monthly analysis quota.

Vendor information is derived from code signatures, metadata, and enrichment data. Not all software includes publisher information, especially unsigned or open-source tools. Vendor intelligence is continuously improving as our enrichment database grows. If you have additional context about a publisher, contact support.

Category detection depends on file type, metadata, internal structure, and behavioral indicators. Some files. particularly obfuscated, packed, or uncommon formats. may not match a known category. The classification engine covers 65+ software categories and is regularly expanded.

Verify that the enrollment code has not expired. codes are short-lived for security. Generate a fresh code from the Agents page and try again. Ensure the machine has network connectivity to the API (no firewall blocking outbound HTTPS). Confirm that the agent binary matches the operating system and architecture of the target machine (e.g., arm64 binary on an arm64 host).

An offline status means the agent has not sent a heartbeat recently. Check that the agent service is running on the machine. On Windows, check Services; on Linux, check systemd; on macOS, check launchd. Verify that the machine has network access to the API. Firewalls, proxies, or VPN changes can block the agent's outbound connections.

Check the scan policy assigned to the agent. Verify that the watched directories include the paths where files are appearing. Confirm that the file extensions are included in the policy's file type filter. If using a custom scan interval, the agent will only check for new files on that schedule. reduce the interval for near-real-time scanning.

When enforcement mode is active, blocked files are moved to a secure quarantine directory on the endpoint. Administrators can restore quarantined files from the agent management page in the portal. Select the agent, view its quarantine list, and click "Restore" on any file to return it to its original location.

Reduce bandwidth usage by adjusting the scan policy: increase the scan interval so the agent checks less frequently, lower the maximum file size to skip very large files, and narrow the watched directories to only the paths that matter. These settings are configured per-policy from the portal and take effect on the next heartbeat.

A 401 response means the API key is invalid, expired, or revoked. Go to the API Keys page in your portal and check the key's status. If the key has been revoked, create a new one. Ensure you are passing the key correctly in the Authorization header as "Bearer YOUR_API_KEY". Keys are scoped. verify the key has the required scopes for the endpoint you are calling.

The maximum file size for uploads is 500 MB. If your file exceeds this limit, it cannot be analyzed. For archives, consider uploading the inner files individually. If you regularly need to analyze files larger than 500 MB, contact us about Enterprise options.

Verify that your webhook URL is publicly reachable over HTTPS. The platform sends a POST request with a JSON payload to your configured URL. Check the webhook configuration in Settings to ensure the URL is correct and the webhook is enabled. If your server is returning errors, the platform will retry delivery with exponential backoff. Check your server logs for incoming requests.

For third-party integrations (threat intelligence providers, AI enrichment), the API key is validated when you save the integration. If validation fails, double-check the key for typos and confirm it has not expired with the provider. Some providers require specific API tiers or permissions. consult the provider's documentation.

A 429 response means you have exceeded your plan's analysis quota for the current month. After hitting the monthly cap, uploads are throttled to 10 per day. You can check your current usage on the dashboard. To increase your quota, upgrade to a higher plan. Rate limit headers in each response show your remaining quota.

When you reach your monthly analysis limit, you are not cut off entirely. Instead, uploads are throttled to 10 per day for the remainder of the billing period. This ensures continuity for critical analyses while encouraging an upgrade for higher volume. Your quota resets at the start of each billing cycle.

Billing management requires the Owner role. If you need to update payment methods, view invoices, or change plans, ask your organization's Owner to make the changes or to grant you the Owner role. Each organization has at least one Owner.

When downgrading to a lower plan, features that exceed the new plan's limits become read-only. For example, if you downgrade from Business to Pro and have more than 5 approval rules, you can view but not create new rules until you are within the limit. Existing data is never deleted during a downgrade. Agents beyond the new plan limit will stop scanning but remain enrolled.

If a payment fails, update your payment method in the billing portal. You can access billing from Settings in the portal (Owner role required). The system will retry the charge automatically. If payment is not resolved, your account may be downgraded to the Free tier after a grace period. All your data is preserved regardless of plan status.