Security feature impacts
The agent is affected if it runs on a kernel with the BHI patch applied. The impact on each security feature in this case is as follows.
- VFS-Filter KSP - The VFS-Filter KSP no longer provides the corresponding kernel driver modules for kernel versions with the BHI patch applied.
- Anti-Malware - The Anti-Malware feature enters basic function mode in this case. For agents that do not have fallback mode enabled, the Anti-Malware engine goes offline.
- Application Control - The Application Control feature loses its enforcement ability. An “Application Control Engine Offline” agent event is generated.
- Activity Monitoring - For agent builds 20.0.1-4540 (March 2024 Release) and earlier, the Activity Monitoring feature loses its telemetry ability. For newer agent builds, the Activity Monitoring feature enters basic function mode and continues to provide basic telemetry.
- Integrity Monitoring - If the Integrity Monitoring feature is enabled with the Real Time option checked, an “Integrity Monitoring Engine Offline” agent event is generated, which indicates that real-time integrity checking is lost. Users can still use the Scan for Integrity button to run an integrity check on the target folders/files.
- Other security features are not affected by the BHI kernel patch.
Affected platform and kernel versions
Customers can find the BHI-patched platforms and kernel versions under Deep Security 20.0 Supported Linux Kernels, where they are marked with a Δ.
Known Issue
Because Oracle's UEK kernels have different system configurations, the following kernels are currently not supported:
- Oracle 7: 5.4.17-2136.332.5.2.el7uek and above
- Oracle 8:
  - 5.4.17-2136.332.5.2.el8uek and above
  - 5.15.0-207.156.6.el8uek and above
- Oracle 9: 5.15.0-207.156.6.el9uek and above
If fallback mode is enabled, our service still provides basic protection for those kernels, so the Anti-Malware and Activity Monitoring features continue to have basic functions.
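The Known Issue list above can be turned into a host check, shown here as an added example that is not Trend Micro's code: it tests a `uname -r` string against the four listed thresholds. The function and variable names are illustrative, `sort -V` (GNU coreutils) is assumed to be available, and "and above" is assumed to apply only within the same upstream base version (5.4.17 or 5.15.0).

```shell
#!/bin/sh
# Added example: checks a kernel release string against the Known Issue list.
# Rows are copied from that list: "<el tag> <upstream base> <first listed build>".
THRESHOLDS='el7uek 5.4.17 2136.332.5.2
el8uek 5.4.17 2136.332.5.2
el8uek 5.15.0 207.156.6
el9uek 5.15.0 207.156.6'

# version_ge A B: succeeds when dotted-numeric A >= B (relies on sort -V).
version_ge() {
    [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$2" ]
}

# uek_in_known_issue_list RELEASE: returns 0 when RELEASE (uname -r format)
# is at or above a listed build. Assumption: "and above" is compared only
# within the same el tag and the same upstream base version.
uek_in_known_issue_list() {
    release=$1
    case $release in
        *-*.el[0-9]*uek*) ;;   # Oracle UEK naming
        *) return 1 ;;         # not a UEK kernel, so not on this list
    esac
    base=${release%%-*}        # e.g. 5.4.17
    rest=${release#*-}         # e.g. 2136.332.5.2.el7uek.x86_64
    build=${rest%%.el[0-9]*}   # e.g. 2136.332.5.2
    tag=${rest#"$build".}      # e.g. el7uek.x86_64
    tag=${tag%%.*}             # e.g. el7uek
    while read -r t_tag t_base t_build; do
        if [ "$tag" = "$t_tag" ] && [ "$base" = "$t_base" ] &&
           version_ge "$build" "$t_build"; then
            return 0
        fi
    done <<EOF
$THRESHOLDS
EOF
    return 1
}

# Report on the running kernel when the script is executed.
running=$(uname -r)
if uek_in_known_issue_list "$running"; then
    echo "$running: listed under Known Issue"
else
    echo "$running: not listed under Known Issue"
fi
```

The release strings a fleet inventory already collects can be passed to `uek_in_known_issue_list` directly, so hosts do not need to be queried one by one.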
Workaround / Mitigation Plan
Customers who have concerns about the security impacts and the compatibility with Trend Micro products should use the newest Kernel Support Packages to resolve the BHI issue.