Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Abnormal kernel logs and reboot occur in Deep Security Virtual Appliance with Anti-Malware feature

    • Updated:
    • 8 Aug 2018
    • Product/Version:
    • Deep Security 10.0
    • Deep Security 10.1
    • Deep Security 10.2
    • Deep Security 10.3
    • Deep Security 11.0
    • Platform:
    • CentOS 6 64-bit
Summary

Machines that are using the Anti-Malware feature may encounter issues in kernel logs. In addition, the machine frequently reboots. The reboot occurs due to failure in processing kernel paging request.

Details
Public

The issue happens because both CA ControlMinder and Deep Security RTS (RealTimeScan) access the same low-level system resource. When CA software starts first, Deep Security continuously restarts because the low-level system resource is already allocated. On the other hand, when Deep Security starts before the CA software, the CA software causes the kernel panic.

To resolve the issue:

  1. Create the ds_am.ini file under /var/opt/ds_agent/am/.
  2. Add the following line:

    /opt/ds_agent/lib/libvmpd_dsa_rtscan.so=rtscan_hook_enable=1,rtscan_hook_kern_method=1

  3. Restart the ds_agent service.
  4. If the issue persists, change the parameter in Step 2 by modifying its value from "1" to "2" as shown below:

    /opt/ds_agent/lib/libvmpd_dsa_rtscan.so=rtscan_hook_enable=1,rtscan_hook_kern_method=2

    Whereas:
    1 = use redirfs hook only
    2 = use syscall hook only
    3 = use both; default value

Disabling one of them should be able to avoid the hooking issue while keeping the RTS detection ability.

Premium
Internal
Rating:
Category:
Troubleshoot
Solution Id:
1120298
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.