DCS IPS policy remains disabled for approx 10+ minutes after a power up cycle


Article ID: 239346


Updated On:


Data Center Security Server Advanced


Problem Scenario:

  1. A policy has been set to override for 30 minutes on a Linux server.
  2. The Linux computer is shut down and remains off for an hour.
  3. The computer is started up again. Because the override was for 30 minutes and the computer was off for 30 minutes longer than the override period, the expectation is that the IPS/Prevention Policy will become effective immediately.
  4. Instead, when the Linux host loads the agent and the IPS driver, the IPS continues to be in a disabled state for approximately 8-10 minutes, sometimes longer.

Steps to Reproduce:

  1. Override the SDCSS Prevention policy for 15 minutes.
  2. Shut down the host for 30 minutes. Let the override timer expire while the host is powered down.
  3. Power up the host.
  4. After power-up, observe that the Prevention Policy remains Disabled even though the timer set by the user has expired.
  5. It takes approximately 8-10 minutes for the Prevention Policy to update to Enabled.



The SDCSS Agent is not adhering to the policy override timer set by the user. It allows additional time without IPS enabled. This may lead to security attacks while the user is under the false assumption that IPS would be enabled immediately after timer expiry.

Reproducible across multiple SDCS Agent versions.

Reproduced on SDCSS Agent versions: 6.8.0 (build 309), 6.8.2 (build 757), 6.9.1 (build 505)



Release : 6.8x, 6.9.0x

Component : Default-Sym

OS : RHEL 7.6 / RHEL 7.9



Minor defect corrected in the DCS agent for Linux and later.


Upgrade the DCS agent for Linux to version or later.