Endpoint Hardening Application Control Policy very slow to sync and apply to servers
search cancel

Endpoint Hardening Application Control Policy very slow to sync and apply to servers

book

Article ID: 222875

calendar_today

Updated On:

Products

Endpoint Hardening Application Control

Issue/Introduction

Application Control policy is not being accepted by the clients or very slow to sync.

Error from CAFagent.log

[|] 2021-07-06 14:37:13 | cafservice.CAFSAEPSPOCManager | Error | 5804 : 2328 : caf::CAFSAEPSPOCManager::LogSPOCErrors:567 | SPOC communication with SPOC server failed as http status received was unexpected. Error code: httpStatusUnexpected.
[|] 2021-07-06 14:37:13 | cafservice.CAFSAEPSPOCManager | Information | 5804 : 2328 : caf::CAFSAEPSPOCManager::LogSPOCErrors:620 | SPOC status type is neutral.
[|] 2021-07-06 14:37:13 | cafservice.CAFSAEPSPOCManager | Error | 5804 : 2328 : caf::CAFSAEPSPOCManager::RetrySpocConnection:317 | Error while waiting for SPOC bump.
[|] 2021-07-06 14:37:13 | cafservice.CAFSAEPSPOCManager | Information | 5804 : 2328 : caf::CAFSAEPSPOCManager::RetrySpocConnection:318 | Will retry waiting for SPOC bump in next 7 ms.
[|] 2021-07-06 14:37:13 | cafservice.CAFSAEPSPOCManager | Information | 5804 : 2328 : caf::CAFSAEPSPOCManager::CancelNotification:420 | Canceling spoc client requests
[|] 2021-07-06 14:37:13 | cafservice.CAFSAEPSPOCManager | Warning | 5804 : 2328 : caf::CAFSAEPSPOCManager::CancelNotification:432 | Error cancelling SPOC Bump notification request for DCS: 23
[|] 2021-07-06 14:37:13 | cafservice.CAFSAEPSPOCManager | Warning | 5804 : 2328 : caf::CAFSAEPSPOCManager::CancelNotification:441 | Error Cancelling SPOC Bump notification request for SEP: 23
[|] 2021-07-06 14:37:14 | cafservice.CAFSAEPProductService | Error | 5804 : 8032 : caf::CAFSAEPProductService::InitiateSpoc::::operator ():2100 | Error from Request notification , Revision: 65, Status code: [ 3 ], Status type: [ 0 ]
[|] 2021-07-06 14:37:14 | cafservice.CAFSAEPSPOCManager | Error | 5804 : 8032 : caf::CAFSAEPSPOCManager::LogSPOCErrors:497 | Error in SPOC client because of out of memory condition. Error code: memoryError.
[|] 2021-07-06 14:37:14 | cafservice.CAFSAEPSPOCManager | Information | 5804 : 8032 : caf::CAFSAEPSPOCManager::LogSPOCErrors:620 | SPOC status type is neutral.
[|] 2021-07-06 14:37:14 | cafservice.CAFSAEPSPOCManager | Error | 5804 : 8032 : caf::CAFSAEPSPOCManager::RetrySpocConnection:317 | Error while waiting for SPOC bump.

Environment

SEP 14.3RU1

 

Cause

CAF agent is hitting an abnormal 'out of memory' condition. As a result, the client cannot pick up the command from the server to update the policy.

This is fixed in CAF 6.7.0.553+

Recommendation is to upgrade to SEP 14.3RU2+ (CAF 6.7.0.553 +)

Resolution

Upgrade agent to SEP 14.3RU2+ (CAF 6.7.0.553 +)

Powered by Wolken Software