Views:

Symptoms

On a RHEL 10.2 host, the agent's real-time protection does not come online. Customers may observe the following:

  • The affected computer reports the protection engine as offline or running with basic functions only in your management console (for example, Server & Workload Protection, Deep Security Manager, or Workload Security).
  • The event message indicates that there is no kernel driver (Kernel Support Package) available for the host's current RHEL 10.2 kernel version.
  • The features that depend on these modules — Anti-Malware (real-time), Activity Monitoring, Integrity Monitoring (real-time), and Application Control — do not provide full protection.

The same agent and features work normally on RHEL 10.1 and RHEL 9.x. The behavior is specific to the RHEL 10.2 kernel.

Root Cause

This is a known issue in the Red Hat Enterprise Linux 10.2 kernel, not a defect in the TrendAI™ agent.

The RHEL 10.2 kernel changed how it validates kernel modules at build time. This change is overly strict and blocks out-of-tree livepatch-style modules — such as the agent's tmhook and bmhook — from being built, even though the same modules built correctly on earlier RHEL versions.

Because of this, TrendAI™ is unable to produce a Kernel Support Package (KSP) for the RHEL 10.2.z kernel series. Without a matching KSP, the agent has no driver to load for that kernel, which is why the protection engine reports offline / basic functions on the host.

Red Hat is tracking this as a known issue (RHEL-178495) and is working on a fix for the RHEL 10.3 and RHEL 10.2.z kernels. Until that fix is delivered and a corresponding kernel becomes available, TrendAI™ cannot provide kernel support for the RHEL 10.2.z series.

Update: Red Hat has resolved the tracking issue RHEL-178495 in their latest kernel release, allowing out-of-tree livepatch modules to build correctly.

Resolution

To restore full real-time protection with kernel module support, please upgrade your RHEL 10.2 host to the fixed kernel version or later.

Fixed & Supported Kernel:

  • 6.12.0-211.26.1.el10_2.x86_64 (and later)

Affected (Unsupported) Kernels:

  • 6.12.0-211.7.1.el10_2.x86_64
  • 6.12.0-211.7.3.el10_2.x86_64
  • 6.12.0-211.7.4.el10_2.x86_64
  • 6.12.0-211.16.1.el10_2.x86_64
  • 6.12.0-211.16.1.el10_2.0.1.x86_64
  • 6.12.0-211.18.1.el10_2.x86_64
  • 6.12.0-211.20.1.el10_2.x86_64
  • 6.12.0-211.22.1.el10_2.x86_64

Note: If you are currently running any of the affected kernels listed above, please continue using the driverless (basic functions) mode as a temporary workaround until you can upgrade to a supported kernel.

Keywords: TrendAI agent real-time protection shows offline / basic functions on Red Hat Enterprise Linux 10.2