Customers that have enabled Application Control, Integrity Monitoring or Activity Monitor without enabling the real-time scan of the Anti-Malware module may encounter issues excluding file events from the kernel. These exclusions are configured in ds_am-exclude-file.ini or ds_am-exclude-dir.ini file. The issue may happen if you are using either of the agent version below:
As a workaround, rollback to Agent version 20.0.0-2593:
- From the manager console, deactivate the target agent.
- SSH to the target computer.
- Go to /var/opt/ds_agent/am and backup the following files
- Uninstall the DSA version 20.0.0-2740.
- Install and activate the DSA version 20.0.0-2593.
If you are using deployment script, make sure to update the agent version control feature in the manager console to deploy a specific agent version.
- Restore the files in step 4 and restart the agent service