I have received the above error message in our SIEM, and as per the article "McAfee KnowledgeBase - ESM shows a red flag and a system integrity check failure" I found the below result, but I was not able to identify the exact package name to uninstall. Has anybody come across the same situation? If so, please help me out.
[00002,226610 %000.0000] packages expected but not installed 0
[00003,226610 %000.0001] packages installed but not expected 0
[00004,226610 %000.0001] liborder 0
[00005,226610 %000.0002] perl-Net-Pcap 0
To remedy the situation and solve that problem, it is highly recommended to upgrade the version ASAP; this will solve this problem for you permanently.
I agree that upgrading to 9.6 is ideal. However, if you're unable to right away, you might want to try the command NitroValidate -t 3 -i 0, then do the rpm -e on each package.
In some cases, it is also observed to be a false positive.
Generally, the output with a package error shows a non-zero value like below:
[00002,177558 %000.0001] packages expected but not installed 477
It also gives the list of packages which are not expected.
What is the output of the NitroValidate last line?
System Integrity State : (0)OPERATIONAL
System Integrity Summary : NOTE=(1)00960 WARN=(2)00015 CRIT=(3)00000
You can try with the following command before:
#service integritymon restart, on the receiver CLI
This is going to take care of it, if this is a false alarm.
But rolling out everything, if the command mentioned above is showing you the list of packages as well (which are not expected) and the NitroValidate does show System Integrity State and Summary abnormal, then Andy's suggestion is best: to remove packages.
If nothing works, the last option is to UPGRADE.
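
The triage order discussed in the replies above, written out as an added example; it is not part of the original posts and is not McAfee code. It assumes that the lines following "packages installed but not expected" name the unexpected packages, and that "abnormal" means a state other than OPERATIONAL or a non-zero CRIT count; the function names and return labels are hypothetical.

```python
import re

# Constructed sample, assembled from the output lines quoted in this thread.
SAMPLE = """\
[00002,226610 %000.0000] packages expected but not installed 0
[00003,226610 %000.0001] packages installed but not expected 0
[00004,226610 %000.0001] liborder 0
[00005,226610 %000.0002] perl-Net-Pcap 0
System Integrity State : (0)OPERATIONAL
System Integrity Summary : NOTE=(1)00960 WARN=(2)00015 CRIT=(3)00000
"""

LINE = re.compile(r"^\[\d+,\d+\s+%[\d.]+\]\s+(?P<label>.+?)\s+(?P<num>\d+)\s*$")
MISSING = "packages expected but not installed"
EXTRA = "packages installed but not expected"

def parse(text):
    """Extract the two package counters, listed package names, state and summary."""
    r = {"missing": None, "extra": None, "listed": [], "state": None, "summary": {}}
    in_extra = False
    for line in (raw.strip() for raw in text.splitlines()):
        m = LINE.match(line)
        if m and m["label"] == MISSING:
            r["missing"], in_extra = int(m["num"]), False
        elif m and m["label"] == EXTRA:
            r["extra"], in_extra = int(m["num"]), True
        elif m and in_extra:
            # Assumption: these lines name the unexpected packages; the
            # trailing integer is not explained in the thread and is ignored.
            r["listed"].append(m["label"])
        elif line.startswith("System Integrity State"):
            r["state"], in_extra = line.split(":", 1)[1].strip(), False
        elif line.startswith("System Integrity Summary"):
            pairs = re.findall(r"(\w+)=\(\d+\)(\d+)", line)
            r["summary"] = {k: int(v) for k, v in pairs}
    return r

def triage(r):
    """Map a parsed report to the next step suggested in the thread."""
    abnormal = (r["state"] is not None and "OPERATIONAL" not in r["state"]) \
        or r["summary"].get("CRIT", 0) > 0
    if r["listed"] and abnormal:
        return "review-packages"                   # candidates for rpm -e
    if r["missing"] or r["extra"] or r["listed"] or abnormal:
        return "restart-integritymon-and-recheck"  # possible false alarm
    return "clean"

if __name__ == "__main__":
    report = parse(SAMPLE)
    print(report["listed"], report["state"], triage(report))
```

Run against the output quoted in the first post, this reports two listed packages with an OPERATIONAL state, which falls into the restart-and-recheck branch rather than package removal.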