Based in the investigation, this issue may happen when upgrading Deep Security Relay from version 11.0, 12.0, and 20.0 on a Linux platform. It has been identified that the root cause of the problem is because when the agent performs an upgrade it is expected to remove all index files but some of the components remain. When the security update is initiated, the iAU module, which is responsible for performing the update task will get the same components and this may lead in a deadlock.
Here is the workaround:
- Login to the affected computer
- Stop the agent service of the relay
$ systemctl stop ds_agent
- Clean up the pattern inventory in order to enforce the relay to rebuild the pattern inventory
$ rm -rf /var/opt/ds_agent/relay/www/package
- Start the DSA and trigger the security update via dsa_control or in the manager web console.
$ systemctl start ds_agent $ /opt/ds_agent/dsa_control -U
- Verify from the agent status in the web console that the Security Update completed successfully
Long term Solution:
The fix for this will be added in a future agent release.