Machines that use the Anti-Malware feature may show errors in the kernel logs and reboot frequently. The reboots are caused by a failure to process a kernel paging request.
The issue happens because both CA ControlMinder and Deep Security RTS (RealTimeScan) access the same low-level system resource. When CA software starts first, Deep Security continuously restarts because the low-level system resource is already allocated. On the other hand, when Deep Security starts before the CA software, the CA software causes the kernel panic.
To resolve the issue:
1. Create the ds_am.ini file under /var/opt/ds_agent/am/.
2. Add the following line:
3. Restart the ds_agent service.
4. If the issue persists, change the parameter in Step 2 by modifying its value from "2" to "1" as shown below:
1 = use redirfs hook only
2 = use syscall hook only
3 = use both; default value
Disabling either the redirfs hook or the syscall hook should avoid the hooking issue while keeping real-time scan detection.
Note that using the redirfs hook only has a design limitation: the driver still needs to place a syscall hook on sys_mount/sys_unmount for dynamic detection of newly mounted filesystems, so the DS driver will still print syscall hook/unhook messages in the logs.