Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Agentless Virtual Machines and/or Deep Security Virtual Appliance (DSVA) become unresponsive or experience BSOD

    • Updated:
    • 14 Sep 2015
    • Product/Version:
    • Deep Security 9.0
    • Deep Security 9.5
    • Deep Security 9.6
    • Platform:
    • VMware ESXi 5.1
    • VMware ESXi 5.5
Summary
Users running virtual machines protected by DSVA experience one of the following symptoms:
  • Becomes unresponsive or experiences a blue diagnostic screen (BSOD)
  • Performance issues when opening various applications
  • Virtual machines become unresponsive with a black screen during login for 40 seconds or more
  • Occurs when running on these VMware ESX versions/builds: ESXi 5.5 GA, ESXi 5.5 Update 1, or ESXi 5.1 Patch 03 with VMware Tools versions 9.4.5, 9.4.0, 9.0.5, including the VMCI vShield driver
Details
Public
The issue may be because of the following:
  • The vShield Endpoint Thin Agent driver (vsepflt.sys) and the vShield Endpoint TDI Manager driver (vnetflt.sys) cause a non-paged pool memory leak on the Microsoft guest operating system where the endpoint module is installed.
  • An issue in the VMware vShield Endpoint Thin Agent driver (vsepflt.sys) causes it to continually purge the local cache. The Endpoint driver is backward compatible and supports earlier versions of the EPSec Library by doing a version negotiation.
On systems with a heavy load, the version negotiation may establish an unsupported version leading to rejection by the EPSec library. The driver then attempts to send the event multiple times and this may lead to a CPU spike on the affected virtual machine or cause the DSVA to become unresponsive.
To resolve the issues:
  1. Apply ESXi 5.5 Patch 2 or ESXi Patch 4 to resolve the memory leak as noted in the VMware article: The vShield Endpoint Thin Agent driver (vsepflt.sys) and the vShield Endpoint TDI manager driver (vnetflt.sys) cause a non-paged pool memory leak (2077302).
  2. Contact VMware to get a copy of the hotpatch needed to resolve the VMware vShield Endpoint Thin Agent driver version negotiation issue that causes DSVA to become unresponsive. Refer to the VMware article: Systems running MOVE Agentless 3.0 on ESXi 5.5 suffer performance issues or become unresponsive (2077305).
Premium
Internal
Rating:
Category:
Configure; Troubleshoot; Deploy; Install
Solution Id:
1105081
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support


To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.


Need More Help?

Create a technical support case if you need further support.