Resolving Deep Security kernel module (TMhook) incompatibility issue when running docker containers in Linux

    • Updated: 1 Jul 2019
    • Product/Version: Deep Security 11.3, Deep Security 12.0
    • Platform: N/A
Summary

Deep Security installs a hook at the Linux kernel level for real-time Anti-Malware, real-time Integrity Monitoring, and Application Control. When the Deep Security Agent has one of these modules enabled and the host is running Docker containers, the kernel module may not unload correctly, which can leave an uninstallation or upgrade incomplete.

Details

The kernel module becomes incompatible because some syscalls used by Docker containers fail to return when you try to disable features or upgrade the Deep Security Agent.

Checking the Deep Security kernel module (TMhook)

  1. When a Deep Security module is enabled, verify that the kernel module version on disk and the version in memory are the same.
    • Get the kernel module version on disk:
      # sudo modinfo /opt/ds_agent/`uname -r`/tmhook.ko
    • Identify the kernel module version in memory:
      # sudo cat /proc/driver/bmhook/tmhook/version
  2. When the Deep Security module is disabled, make sure the kernel module is unloaded.
    # sudo lsmod | grep tmhook
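
The two checks above combined into one script, as an added example that is not Trend Micro's own tooling. It assumes the version string reported by modinfo appears verbatim in the /proc version file (this page does not show that file's format); the function names are hypothetical.

```shell
#!/bin/sh
# Added example: classify the TMhook state from the two checks in this article.
# Assumption: the version string printed by `modinfo -F version` occurs verbatim
# in the /proc version file; the exact format of that file is not documented here.

TMHOOK_KO="/opt/ds_agent/$(uname -r)/tmhook.ko"
TMHOOK_PROC="/proc/driver/bmhook/tmhook/version"

# tmhook_loaded FILE: succeed if FILE (in /proc/modules format) lists a module
# named exactly "tmhook" in its first column. Unlike `lsmod | grep tmhook`, this
# does not match other modules that merely mention tmhook in another column.
tmhook_loaded() {
    awk '$1 == "tmhook" { found = 1 } END { exit !found }' "$1" 2>/dev/null
}

# versions_match DISK_VERSION MEM_FILE: succeed if DISK_VERSION is non-empty
# and occurs as a fixed string in MEM_FILE.
versions_match() {
    [ -n "$1" ] && grep -qF -- "$1" "$2" 2>/dev/null
}

# tmhook_state MODULES_FILE DISK_VERSION MEM_FILE: print one of
#   unloaded | loaded-match | loaded-mismatch
# An unreadable version on either side is reported as loaded-mismatch so that
# it gets looked at before an upgrade or uninstallation.
tmhook_state() {
    if ! tmhook_loaded "$1"; then
        echo unloaded
    elif versions_match "$2" "$3"; then
        echo loaded-match
    else
        echo loaded-mismatch
    fi
}

# check_host: run the classification on a live agent host (run as root).
check_host() {
    disk_version=$(modinfo -F version "$TMHOOK_KO" 2>/dev/null)
    tmhook_state /proc/modules "$disk_version" "$TMHOOK_PROC"
}
```

Source the file and call `check_host` as root: with a module enabled the expected result is `loaded-match`, and with the modules disabled it is `unloaded`.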

Workarounds

There are two (2) workarounds to resolve the kernel module incompatibility issue.

  • Option 1. Stop all running Docker containers. Enable one of the Deep Security modules mentioned above, and then disable it.
  • Option 2. Reboot the agent.

Category: Troubleshoot
Solution Id: 1123081