
The compatibility issue occurs when kernel hooks are re-installed and is caused by a defect in the Deep Security Agent kernel module (TMHook). The affected versions of the TMHook driver are 1.1.1304 through 1.1.1310 and 1.2.1124 through 1.2.1149. These are included in the following DSA versions:

  • Deep Security Agent 20.0 GM (20.0.0.877) and newer (released on July 30, 2020)
  • Deep Security Agent 12.0 Linux kernel support 12.0.0.1281 and newer (released on August 18, 2020)

To check whether your DSA is using an affected driver version, run the command below and compare the output with the TMHook versions listed above.

$ cat /proc/driver/bmhook/tmhook/version   # query the TMHook version
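
The comparison can be scripted for use across many hosts. The following is an added example, not vendor code; the function names are hypothetical, and it assumes the version file contains a dotted version such as 1.2.1130 somewhere in its text, since the file's exact format is not shown here.

```shell
#!/bin/sh
# Added example, not vendor code. Assumption: the version file contains a
# dotted triple such as 1.2.1130 somewhere in its text (format not shown here).
TMHOOK_VERSION_FILE="${TMHOOK_VERSION_FILE:-/proc/driver/bmhook/tmhook/version}"

# Print the first major.minor.build triple found on stdin (nothing if none).
extract_version() {
    grep -Eo '[0-9]+\.[0-9]+\.[0-9]+' | head -n 1
}

# Status 0: version is in an affected range; 1: it is not; 2: not a version.
tmhook_is_affected() {
    printf '%s\n' "$1" | grep -Eq '^[0-9]+\.[0-9]+\.[0-9]+$' || return 2
    build="${1##*.}"
    case "${1%.*}" in
        1.1) [ "$build" -ge 1304 ] && [ "$build" -le 1310 ] ;;
        1.2) [ "$build" -ge 1124 ] && [ "$build" -le 1149 ] ;;
        *)   return 1 ;;
    esac
}

# Print a one-line verdict for the given version file.
tmhook_verdict() {
    if [ ! -r "$1" ]; then
        echo "unknown: cannot read $1"
        return 0
    fi
    ver="$(extract_version < "$1")"
    rc=0
    tmhook_is_affected "$ver" || rc=$?
    case "$rc" in
        0) echo "affected: TMHook $ver is in a listed range; upgrade to a fixed DSA build" ;;
        1) echo "not-affected: TMHook $ver is outside the listed ranges" ;;
        *) echo "unknown: no version string found in $1" ;;
    esac
}

tmhook_verdict "$TMHOOK_VERSION_FILE"
```

Set TMHOOK_VERSION_FILE to a saved copy of the file to check a host's collected output offline.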

The fix is included in the following DSA versions:

  • Deep Security 20 Linux Kernel Support 20.0.0.1133
  • Deep Security Agent 12.0.0.1362
  • Deep Security 12 Linux Kernel Support 12.0.0.1362

To minimize the chance of hitting the issue, follow the procedure below to upgrade Deep Security Agent safely.

  1. Turn off the security features: Integrity Monitoring (real-time), Anti-Malware (real-time), Application Control, and Activity Monitoring.
  2. Upgrade DSA to the version that includes the fix (or import KernelSupport).
  3. Send a policy to DSA.
  4. Reboot the machine to unload the third-party and the old Deep Security kernel modules.
  5. Turn on the security features.