Views:
The system crash may occur using the agent version 20.0.0-5761 if the following condition are met:
  1. Installing the agent version 20.0.0-5761  on Windows Server 2022/2019/2016 or Windows 11.
  2. Anti-Malware with Behavioral Monitoring feature is enabled.
  3. Uninstall the DSA build 5761
Installing or upgrading the DSA to build 5761 will not cause BSOD; It is triggered when the DSA build 5761 with AM enabled is uninstalled or upgraded.

The issue occurs if the Anti-Malware Module is enabled and the TMUMH is installed. 
Deep Security Agent version 20.0.0-5761 is removed from Download Center and Cloud One - Endpoint & Workload Security.

The system crash may also occur if the Anti-Malware is enabled and you will upgrade from 5671 to future releases. This will be fixed in future release. 


Official Fix

To fix this issue, upgrade the agent to version 20.0.0-5810. 

Note: *Please note that if you are using version 20.0.0-5761, Rebooting the server is required. If you are using any version lower than 5761, reboot is not required. 
           **During the upgrade process, the following registry key will be added: 
              
DWORD "RegCfgFlags" with value 0x8  under HKLM\SYSTEM\CurrentControlSet\Services\tmumh 
  

How to Upgrade the Agent

Option 1: Via Web Console

  1. In the Workload Security console, go to Computers, and then do one of the following:
    • Right-click the computer(s) that you want to upgrade, and select Actions > Upgrade Agent Software.
    • Select the computer(s) that you want to upgrade, click the Actions button near the top and select Upgrade Agent Software.
    • Double-click a computer that you want to upgrade and on the Computer details dialog box, click the Upgrade Agent button.
  2. In the dialog box that appears, select the Agent Version. We recommend that you select the default Use the latest version for platform (20.0.0-5810). Click Next. 
  3. Wait for the Upgrading Software(Reboot to Complete Upgrade) Event.

    Module state

    Note: The DWORD RegCfgFlags will be automatically added and removed during the upgrade process
  4. Reboot the Computer after seeing the event  "Reboot to Complete Upgrade"
    • Agent upgrade will continue after machine reboot is complete and will remove the RegCfgFlags DWORD after upgrade is complete. 

Option 2: Deployment Script

  1. Execute the Deployment Script and it is expected to finish with Installer Exit Code: 1603

    Module state

    • Note: The DWORD RegCfgFlags will be added automatically
  2. Reboot the machine
  3. Execute the deployment script again and it would run and upgrade the DSA

    Module state

    • Note:
    • The Installer Exit Code should be 0, meaning the agent was successfully installed.
    • The registry key will be removed after the upgrade is complete.

Option 3: MSI Installer Quiet Mode Only

Note: Running the MSI Installer for the agent is not recommended, But you can run it in silent install.

msiexec /i "Agent-Core-Windows-20.0.0-5810.x86_64.msi" /q /log debuglog.txt 
  1. Download the MSI Package.
  2. Install the agent using the following command.
 
  • Check debuglog.txt and search for "Installation success or error status: 1603." 
  • Reboot the Computer 
    • Agent upgrade will continue after machine reboot is complete and will remove the RegCfgFlags DWORD after upgrade is complete.