Running Response Rules manually leads to java thread leak on Enforce

book

Article ID: 171990

calendar_today

Updated On:

Products

Data Loss Prevention Enforce

Issue/Introduction

The Enforce console experiences out of memory errors, with "access denied" entries showing up in Tomcat.

These eventually lead to a need to restart the service

Following errors appear in the Tomcat (Manager localhost log):

28 Aug 2017 23:16:43,837- Thread: 214643 SEVERE
[com.vontu.manager.command.enforce.ManualCommandRuntimeLoader$1] Command runtime unloading failed
Cause:
java.security.AccessControlException: access denied ("java.lang.RuntimePermission" "modifyThread")

 

This error is also related to the same issue:

23 Oct 2017 13:57:27,205- Thread: 130 WARNING
[com.vontu.manager.struts.ProtectActionProcessor] Permission to view page not
granted. Access denied to requesting URI:
/ProtectManager/SaveEndpointPartialMatchingManagement.do. Requires permission:
modifyThread.

Cause

The docs team created the following entry in the 14.6 MP3 release notes for the fix to this issue:

4164405 : "Executing response rules as a non-Administrator user on the Enforce Server administration console lead to thread leakage and performance degradation over time."

Environment

Issue was discovered on RHEL servers, but are not believed to be limited to that OS.

Resolution

Upgrading either to 14.6 MP3, to 15.0 MP1, or to 15.1, will resolve this issue.