In FortiEDR, a Collector running in 'Autonomous' mode indicates that it cannot connect to the Core or its connection to the Core suffers from multiple timeouts or errors.

Some potential reasons why the endpoint might be in this state:

1. Network Issues: There could be network connectivity issues preventing the Collector from reaching the Core or Aggregator. This could be due to firewall rules, network configuration, or the device being out of the office.
2. Firewall Rules: Ensure that the necessary firewall rules are in place to allow communication between the Collector and the Core/Aggregator.
   
3. Device-Specific Issues: There might be issues specific to the device itself, such as network adapter problems or incorrect network settings.
   
4. Core or Aggregator Issues: There could be issues on the Core or Aggregator side that are preventing successful communication.
   
5. Geographical Distance: If the Core and Collectors are in far-away networks, latency or other network issues might cause communication issues.

The Collector will continue to protect the device and will keep trying to establish a connection every few seconds to a few minutes.
A review of the network configuration may be required to confirm that all necessary components are functioning correctly.