Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Deep Security Agent for Linux has a compatibility issue with third party security software

    • Updated:
    • 24 Sep 2020
    • Product/Version:
    • Cloud One - Workload Security Not Applicable
    • Deep Security 12.0
    • Deep Security 20.0
    • Platform:
    • Linux
Summary
There is a compatibility issue in Deep Security Agent (DSA) for Linux. When Deep Security Agent with Integrity Monitoring (real-time), Anti-Malware (real-time), Application Control, or Activity Monitoring enabled runs on a Linux server running with third party security software based on kernel system call hooking (e.g., Symantec Endpoint Protection and Imperva), the operating system may crash in certain scenarios.

For example:
 - if you have re-enabled the security features such as Anti-Malware real-time protection.
 - if you have updated the Kernel Support Package. 
 

 
Details
Public
The compatibility issue happens when re-installing kernel hooks because of the defect in the Deep Security Agent kernel module (TMHook). The affected version of the TMHook driver are version 1.1.1304 ~ 1.1.1310 and 1.2.1124 ~ 1.2.1149. These are included in the following DSA versions:

- Deep Security Agent 20.0 GM (20.0.0.877) and newer (released on 2020/07/30)
- Deep Security Agent 12.0 Linux kernel support 12.0.0.1281 and newer (released on 2020/08/18)

To verify if your DSA is using this driver version you may run the command below and compare it with the tmhook version stated above.  

```
$ cat /proc/driver/bmhook/tmhook/version   # query the TMHook version
```

The fix is included in the following DSA versions:

- Deep Security 20 Linux kernel support 20.0.0.1133
- Deep Security Agent 12.0.0.1362
- Deep Security 12 Linux kernel support 12.0.0.1362

To avoid the issue as much as possible, please perform the procedure below to upgrade Deep Security Agent safely.

1. Turn off security features: Integrity Monitoring (real-time), Anti-Malware (real-time), Application Control, and Activity Monitoring
2. Upgrade DSA to the version that includes the fix (or import KernelSupport)
3. Send policy to DSA
4. Reboot the machine so third party and the old Deep Security kernel modules will get unloaded
5. Turn on the security features
Premium
Internal
Partner
Rating:
Category:
Troubleshoot
Solution Id:
000272645
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.