10-09-2022 09:08 PM
Hello,
I noticed in the operational status that endpoints whose agent version is not upgraded show a status of protected, unprotected & unprotected.
Looking through the operational status data, I came across 6 unique issues on servers.
They are as follows:
1. "Xdr Data Collection Not Running Or Not Sent, Linux kernel module detected repeated ungraceful shutdown/s
Btp Not Working, Linux kernel module detected repeated ungraceful shutdown/s
Antimalware Flow Is Asynchronous, Linux kernel module detected repeated ungraceful shutdown/s
Local Privilege Escalation, Linux kernel module detected repeated ungraceful shutdown/s"
2. "Xdr Data Collection Not Running Or Not Sent, Linux kernel module failed to load
Btp Not Working, Linux kernel module failed to load
Antimalware Flow Is Asynchronous, Linux kernel module failed to load
Local Privilege Escalation, Linux kernel module failed to load"
3. "Btp Not Working, Agent is not running, disabled by cytool
Antimalware Flow Is Asynchronous, Agent is not running
Antiexploit Protection, Agent is not running
Local Privilege Escalation
Xdr Data Collection Not Running Or Not Sent"
4. "Antimalware Flow Is Asynchronous, Linux kernel version is not supported
Local Privilege Escalation, Linux kernel version is not supported
General Agent Status, Agent running, without any valid content"
5. "Antimalware Flow Is Asynchronous, Agent is not running
Antiexploit Protection, Agent is not running
Local Privilege Escalation, Agent is not running"
6. "General Agent Status, Agent running, without any valid content"
Kindly help me understand these 6 issues and how I can put the Linux servers into protected mode.
10-09-2022 11:24 PM
Hi @Shashanksinha,
Thank you for writing to LIVEcommunity!
Case 1 is a circumstance where you have Linux endpoints that had an ungraceful shutdown a couple of times (maybe due to power loss, a user shutting down, etc.), leading the kernel integrity module to crash. The recommendation is to fix the endpoint with a proper reboot and reinstall the Cortex XDR agent on it.
Cases 2, 3, 4 and 5 are related to either incompatible kernel versions, permissions not being allowed (applicable for macOS endpoints), or no content updates reaching the agent since the time of agent installation.
Case 6 is another use case of agents without content updates.
Each of the use cases has its own requirement. The first and foremost requirement is definitely content updates. Please check with the network administration team to whitelist the URLs required to enable access to Cortex XDR and its associated content, as listed here.
Kernel incompatibility can be addressed with content updates, but that takes time, so for the interim period you can allow the Linux endpoints to run in User Space mode by configuring the agent operation mode to User Space in the agent settings profile.
For macOS endpoints, please check that all system privileges are provided as required.
Hope that answers your question.
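A small triage helper for the six operational-status patterns in this thread, added here as an example and not part of the original posts or of Cortex XDR itself. It splits the run-together status text into (check, detail) pairs using the phrases quoted above, then groups endpoints by the remediation buckets the reply describes; the hostnames and the export format are constructed assumptions, and the bucket labels are my own.

```python
import re
from collections import defaultdict
# Check names and detail phrases exactly as quoted in the thread's six cases. The exported
# text runs them together ("...Not SentLinux kernel..."), so boundaries are recovered by
# matching known phrases, longest first; fragments that match nothing are ignored.
CHECKS = ["Xdr Data Collection Not Running Or Not Sent", "Antimalware Flow Is Asynchronous",
          "Antiexploit Protection", "Local Privilege Escalation", "General Agent Status",
          "Btp Not Working"]
# Remediation buckets follow the reply in this thread; the bucket labels are mine.
REMEDIATION = {
    "Linux kernel module detected repeated ungraceful shutdown/s": "reboot_and_reinstall",
    "Linux kernel module failed to load": "content_update_or_user_space_mode",
    "Linux kernel version is not supported": "content_update_or_user_space_mode",
    "Agent running, without any valid content": "content_update_urls",
    "Agent is not running, disabled by cytool": "agent_not_running",
    "Agent is not running": "agent_not_running",
}
_TOKEN = re.compile("|".join(re.escape(p) for p in
                             sorted(CHECKS + list(REMEDIATION), key=len, reverse=True)))

def parse_status(text):
    """Split one endpoint's status text into (check, detail) pairs. A check followed
    by another check instead of a detail phrase (thread case 3) gets detail None."""
    toks = _TOKEN.findall(text)
    return [(t, toks[i + 1] if i + 1 < len(toks) and toks[i + 1] not in CHECKS else None)
            for i, t in enumerate(toks) if t in CHECKS]

def triage(endpoints):
    """Group hostnames by remediation bucket; endpoints is {hostname: status_text}."""
    groups = defaultdict(set)
    for name, text in endpoints.items():
        for _check, detail in parse_status(text):
            if detail:
                groups[REMEDIATION[detail]].add(name)
    return {bucket: sorted(names) for bucket, names in groups.items()}

# Constructed sample: hostnames are invented, status text is copied from the thread's cases.
SAMPLE = {
    "srv01": "Xdr Data Collection Not Running Or Not SentLinux kernel module detected repeated "
             "ungraceful shutdown/s Btp Not Working ,Linux kernel module detected repeated ungraceful shutdown/s",
    "srv03": "Btp Not Working Agent is not running, disabled by cytool Antiexploit Protection "
             "Agent is not running Local Privilege Escalation Xdr Data Collection Not Running Or Not Sent .",
    "srv04": "Antimalware Flow Is Asynchronous Linux kernel version is not supported "
             "General Agent Status Agent running, without any valid content",
}
if __name__ == "__main__":
    print(triage(SAMPLE))
```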