The issue happens because both CA ControlMinder and Deep Security RTS (RealTimeScan) access the same low-level system resource. When CA software starts first, Deep Security continuously restarts because the low-level system resource is already allocated. On the other hand, when Deep Security starts before the CA software, the CA software causes the kernel panic.
To resolve the issue:
- Create the ds_am.ini file under /var/opt/ds_agent/am/.
- Add the following line:
/opt/ds_agent/lib/libvmpd_dsa_rtscan.so=rtscan_hook_enable=1,rtscan_hook_kern_method=2
- Restart the ds_agent service.
- If the issue persists, change the parameter in Step 2 by modifying its value from "2" to "1" as shown below:
/opt/ds_agent/lib/libvmpd_dsa_rtscan.so=rtscan_hook_enable=1,rtscan_hook_kern_method=1
Whereas:
1 = use redirfs hook only
2 = use syscall hook only
3 = use both; default value
Disabling either redirfs hook or syscall hook should be able to avoid the hooking issue while keeping the real-time scan detection ability.
Note that there is a design limitation when using redirfs hook only that it still needs to do syscall hook to sys_mount/sys_unmount for dynamic detection on newly mounted filesystems, meaning there will be DS driver print syscall hook/unhook in the logs.