Deception Reports force the SEPM console to log out
search cancel

Deception Reports force the SEPM console to log out

book

Article ID: 238584

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

While trying to run a Deception Report, a user gets logged out after hitting Create Report button. After that, a user is back at the SEPM login page and a small window with the line "Reporting - Log On" appears.

Following records can be found in the reporting.log:

ERROR:form verification failed - form: FilterForm, file: DeceptionReport.php, referer: https://<server-name>:8445/Reporting/behavior/deceptionreports.php?FirstRun=1_
ERROR:could not find valid username in session
ERROR:request verification failed - file=DeceptionReport.php, referer=
INFO:Ssl client verification not successful so not getting the client certificate
INFO:Login start

Environment

SEP 14.3 RU3/RU4

Cause

The issue is due to the missing form tokens. For example:

$filterFormVerified = AuthUtils::verifyFormTokenFromRequest('behavior_filterform');
$switcherFormVerified = AuthUtils::verifyFormTokenFromRequest('behaviorswitcher');
$updateFilterFormVerified = AuthUtils::verifyFormTokenFromRequest('behavior_updatefilter');
$switcherTypeFormVerified = AuthUtils::verifyFormTokenFromRequest('switchtype_form');

if (!$filterFormVerified && !$switcherFormVerified && !$updateFilterFormVerified && !$switcherTypeFormVerified
&& !AuthUtils::verifyFormTokenFromRequest('secondary'))

Unknown macro: { AuthUtils}

Resolution

A permanent fix should get included to RU5. 

For a workaround, contact Broadcom Support and quote this article.