Endpoint Hardening Application Control Policy very slow to sync and apply to servers

book

Article ID: 222875

calendar_today

Updated On:

Products

Endpoint Hardening Application Control

Issue/Introduction

Application Control policy is not being accepted by the clients or very slow to sync.

Error from CAFagent.log

[|] 2021-07-06 14:37:13 | cafservice.CAFSAEPSPOCManager | Error | 5804 : 2328 : caf::CAFSAEPSPOCManager::LogSPOCErrors:567 | SPOC communication with SPOC server failed as http status received was unexpected. Error code: httpStatusUnexpected.
[|] 2021-07-06 14:37:13 | cafservice.CAFSAEPSPOCManager | Information | 5804 : 2328 : caf::CAFSAEPSPOCManager::LogSPOCErrors:620 | SPOC status type is neutral.
[|] 2021-07-06 14:37:13 | cafservice.CAFSAEPSPOCManager | Error | 5804 : 2328 : caf::CAFSAEPSPOCManager::RetrySpocConnection:317 | Error while waiting for SPOC bump.
[|] 2021-07-06 14:37:13 | cafservice.CAFSAEPSPOCManager | Information | 5804 : 2328 : caf::CAFSAEPSPOCManager::RetrySpocConnection:318 | Will retry waiting for SPOC bump in next 7 ms.
[|] 2021-07-06 14:37:13 | cafservice.CAFSAEPSPOCManager | Information | 5804 : 2328 : caf::CAFSAEPSPOCManager::CancelNotification:420 | Canceling spoc client requests
[|] 2021-07-06 14:37:13 | cafservice.CAFSAEPSPOCManager | Warning | 5804 : 2328 : caf::CAFSAEPSPOCManager::CancelNotification:432 | Error cancelling SPOC Bump notification request for DCS: 23
[|] 2021-07-06 14:37:13 | cafservice.CAFSAEPSPOCManager | Warning | 5804 : 2328 : caf::CAFSAEPSPOCManager::CancelNotification:441 | Error Cancelling SPOC Bump notification request for SEP: 23
[|] 2021-07-06 14:37:14 | cafservice.CAFSAEPProductService | Error | 5804 : 8032 : caf::CAFSAEPProductService::InitiateSpoc::::operator ():2100 | Error from Request notification , Revision: 65, Status code: [ 3 ], Status type: [ 0 ]
[|] 2021-07-06 14:37:14 | cafservice.CAFSAEPSPOCManager | Error | 5804 : 8032 : caf::CAFSAEPSPOCManager::LogSPOCErrors:497 | Error in SPOC client because of out of memory condition. Error code: memoryError.
[|] 2021-07-06 14:37:14 | cafservice.CAFSAEPSPOCManager | Information | 5804 : 8032 : caf::CAFSAEPSPOCManager::LogSPOCErrors:620 | SPOC status type is neutral.
[|] 2021-07-06 14:37:14 | cafservice.CAFSAEPSPOCManager | Error | 5804 : 8032 : caf::CAFSAEPSPOCManager::RetrySpocConnection:317 | Error while waiting for SPOC bump.

Cause

CAF agent is hitting an abnormal 'out of memory' condition. As a result, the client cannot pick up the command from the server to update the policy.

This is fixed in CAF 6.7.0.553+

Recommendation is to upgrade to SEP 14.3RU2+ (CAF 6.7.0.553 +)

Environment

SEP 14.3RU1

 

Resolution

Upgrade agent to SEP 14.3RU2+ (CAF 6.7.0.553 +)