2023-03-10 09:17:20.502184 [+0400]: [Info/5] | Secure Boot enabled: true | dsa/SecureBoot.lua:160:LogSecureBootStatus | 683:7F8512FFF700:dsa.Scheduler_0001 2023-03-10 09:17:20.502286 [+0400]: [Warning/2] | Key not enrolled: /opt/ds_agent/DS20.der, detail might be logged when Agent is just started | dsa/SecureBoot.lua:170:LogSecureBootStatus | 683:7F8512FFF700:dsa.Scheduler_0001 2023-03-10 09:17:20.502360 [+0400]: [Warning/2] | Key not enrolled: /opt/ds_agent/secureboot/DS20_v2.der, detail might be logged when Agent is just started | dsa/SecureBoot.lua:170:LogSecureBootStatus | 683:7F8512FFF700:dsa.Scheduler_0001

System hang is experienced when using the fanotify of Deep Security Agent for Linux

Product / Version includes:

Deep Security20.0 , Cloud One - Endpoint and Workload SecurityAll

Last updated: 2023/03/31

Solution ID: KA-0014210

Category: Troubleshoot

Summary

Deep Security Linux Agent has added a feature that allows our agent to perform real-time scanning even if our kernel module failed to load in the customer's system, this feature is accomplished by utilizing Linux Kernel's fanotify mechanism. fanotify is a Linux Kernel API that allows userspace applications to receive file events in the system in real-time.

We have identified a problem with our product that can cause our agent to hang in certain scenarios, making it unable to respond to fanotify notifications from the operating system. When this occurs, the operating system may become unresponsive, leading to a system hang.

However, it was observed on some systems that a reboot can recover the system back to normal.

For now, this issue can be solved by enrolling our kernel module into the customer's system. We can identify that the Secure Boot is enabled in their system if the following log messages can be seen in ds_agent.log:

2023-03-10 09:17:20.502184 [+0400]: [Info/5] | Secure Boot enabled: true | dsa/SecureBoot.lua:160:LogSecureBootStatus | 683:7F8512FFF700:dsa.Scheduler_0001
2023-03-10 09:17:20.502286 [+0400]: [Warning/2] | Key not enrolled: /opt/ds_agent/DS20.der, detail might be logged when Agent is just started | dsa/SecureBoot.lua:170:LogSecureBootStatus | 683:7F8512FFF700:dsa.Scheduler_0001
2023-03-10 09:17:20.502360 [+0400]: [Warning/2] | Key not enrolled: /opt/ds_agent/secureboot/DS20_v2.der, detail might be logged when Agent is just started | dsa/SecureBoot.lua:170:LogSecureBootStatus | 683:7F8512FFF700:dsa.Scheduler_0001

Secure Boot is a feature in the BIOS that does not allow third-party kernel modules from loading into the system. As our kernel module is not trusted by the system by default, the customer needs to enroll Trend Micro's public key into their system first, then our kernel module should be able to be loaded into the customer's system.

To enroll a Trend Micro public key into the system, you can refer to this article.

It is recommended to contact Trend Micro Technical Support if you encounter the system hang issue, and see the following entry in the ds_agent.log file:

2023-03-10 09:17:20.502184 [+0400]: [Info/5] | Secure Boot enabled: false | dsa/SecureBoot.lua:160:LogSecureBootStatus | 683:7F8512FFF700:dsa.Scheduler_0001

Was this article helpful?

Featured

Automation Center

Education Portal

Online Help Center

Service Status

TrendConnect

System hang is experienced when using the fanotify of Deep Security Agent for Linux

System hang is experienced when using the fanotify of Deep Security Agent for Linux

Product / Version includes:

Summary