cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted

Endpoint Security for Linux Threat Prevention 10.7.1.45 - Access Protection not enabled

We are installing ENSL 10.7.1.45 on Linux machines with Ubuntu 18.04.3, fully patched, and the kernel reports itself as 5.0.0-37-generic.

We are not able to switch on Access Protection with this kernel version, although kernel module compiles fine. Are we missing something?

Kernel log:

[22217441.844423] AAC rule matching/reporting engine initialized successfully

[22217441.954087] MFE_AAC_ERROR   : 64 bit sys_kill hooking validation failed.

[22217441.954088] MFE_AAC_ERROR   : 64 bit sys_call hooking validation failed

 

From mfetpd.log:

Sep 10 17:49:37 nuwl004449p ERROR AACKMInterface [20223] Module insertion failed with error :Bad address

Kernel version:

Linux host 5.0.0-32-generic #34~18.04.2-Ubuntu SMP Thu Oct 10 10:36:02 UTC 2019 x86_64 x86_64 x86_64 GNU/Linux

Thanks

3 Replies
Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 4

Re: Endpoint Security for Linux Threat Prevention 10.7.1.45 - Access Protection not enabled

Hi ,

 

Generate MER and raise the Support case to review the issue in detail.

 

Regards,

Gururaj.m.d

Highlighted

Re: Endpoint Security for Linux Threat Prevention 10.7.1.45 - Access Protection not enabled

Hi Gururaj,

We have a ticket open. Unfortunately, the MER for linux is containing too much sensitive information and I cannot share it as is. There is no McAfee tool for the linux MER that will remove usernames,ip's, other sensitive information from the MER.

 

Thanks,

George

Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 4 of 4

Re: Endpoint Security for Linux Threat Prevention 10.7.1.45 - Access Protection not enabled

Hi,

yes we do not have sanitized MER for linux. you update the same in the SR and provided  product required logs and some system logs

 

Regards,

Gururaj.m.d

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community