Cisco Bug: CSCvv49913 - Cisco AMP for Endpoints Linux Connector Unable to Load Kernel Modules on Older EL6 Distributions
Sep 23, 2020
- Cisco AMP for Endpoints
Known Affected Releases
1.12(6) 1.12(7) 1.13(1)
Symptom: The customer has AMP for Linux installed on RHEL/CentOS/OEL < 6.9 with kernel version < 2.6.32-696.el6.x86_64. Upgrading to or installing AMP Linux Connector version 1.12.6, 1.12.7 or 1.13.1 results in Faults 8 (Realtime filesystem monitor failed to start) and 9 (Realtime network monitor failed to start) being raised by the connector after the upgrade/install, once the AMP service starts. Affected users will notice that AMP's on-access file scan and real-time network monitoring functions are disabled, because the kernel modules are unable to load.

To check fault status on the endpoint, users can issue the following command via Terminal:

```
/opt/cisco/amp/bin/ampcli status
```

and should review the 'Faults:' section of the command output to see whether the endpoint has any faults raised.

Conditions: RHEL/CentOS/OEL 6 with kernel version < 2.6.32-696.el6.x86_64. The kernel version of the host can be checked by issuing the following command via Terminal:

```
uname -r
```

If the kernel version is 2.6.32-696.el6.x86_64 or later, the Connector does not exhibit the described behaviour.

Cisco AMP for Endpoints Linux Connector versions: 1.12.6, 1.12.7, 1.13.1

NOTE: As Linux Connector version 1.13.0 was released prior to Linux Connector versions 1.12.6, 1.12.7, and 1.13.1, it is not affected by this issue. Linux Connector versions 1.12.5 or older are also not affected by this behaviour.
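The two conditions above can be checked across a fleet before rolling out a connector upgrade. The script below is an added example, not Cisco code: the function names and the sample inventory are hypothetical, and it assumes each host's `uname -r` output and connector version have already been collected into "host kernel connector" lines.

```shell
#!/bin/sh
# Added example (not Cisco code): flag hosts matching the CSCvv49913 conditions.
AFFECTED_CONNECTORS="1.12.6 1.12.7 1.13.1"   # affected releases named in the bug
FIRST_GOOD_BUILD=696                          # from 2.6.32-696.el6.x86_64

# True when the release string is an EL6 2.6.32 kernel older than build 696.
kernel_below_threshold() {
    case $1 in
        2.6.32-*.el6*) ;;
        *) return 1 ;;                 # not the kernel line the bug describes
    esac
    build=${1#2.6.32-}                 # e.g. 642.13.1.el6.x86_64
    build=${build%%.*}                 # e.g. 642 (errata suffix .13.1 dropped)
    case $build in
        ''|*[!0-9]*) return 1 ;;       # unparsable: do not guess
    esac
    [ "$build" -lt "$FIRST_GOOD_BUILD" ]
}

# True when the connector version is one of the affected releases.
connector_affected() {
    for v in $AFFECTED_CONNECTORS; do
        [ "$1" = "$v" ] && return 0
    done
    return 1
}

# Reads "host kernel-release connector-version" lines, prints affected hosts.
affected_hosts() {
    while read -r host kernel connector; do
        if kernel_below_threshold "$kernel" && connector_affected "$connector"; then
            printf '%s\n' "$host"
        fi
    done
}

# Constructed inventory (hypothetical hosts and values).
SAMPLE_INVENTORY='web01 2.6.32-642.13.1.el6.x86_64 1.12.7
web02 2.6.32-696.el6.x86_64 1.12.7
db01 2.6.32-573.el6.x86_64 1.13.0
db02 2.6.32-696.30.1.el6.x86_64 1.13.1
app01 2.6.32-431.el6.x86_64 1.13.1'

printf '%s\n' "$SAMPLE_INVENTORY" | affected_hosts
```

The build number is compared numerically rather than with a string or `sort -V` comparison, so errata kernels such as `2.6.32-696.30.1.el6` are not mistaken for being older than `2.6.32-696.el6`.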