Views:

Refer to the following to understand the unexpected behaviors of using the new KSPs.

  • Trend Micro uses the Linux kernel's live-patching mechanism to address the BHI issue. This approach might encounter issues if the Linux kernel has already been patched by other modules or updates applied before the Deep Security Agent's patching process. In such cases, the BHI solution may fail.
  • The tmhook driver running on Linux kernels with BHI patched systems cannot be unloaded properly when using the new KSPs. However, this behavior doesn't affect the system nor break any of our security features. Trend Micro plans to address this behavior in the near future.
 
For information on platforms and kernel versions affected by BHI, refer directly to the "Deep Security 20.0 Supported Linux Kernels" document. Look for entries marked with a Δ symbol (delta).

For more information on the BHI Issue, please refer to: Branch History Injection (BHI) changes since Linux Kernel 6.9-rc4+ in Deep Security