Health Check FailureId[390]: Agent Kernel Is Missing

Article ID: 284736

Updated On:

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

  • Agent generating Events for Health Check FailureId[390] similar to:
    Agent kernel is missing. Options[00000007] TotalFailures[14] FailureId[390]
  • Rebooting the endpoint does not resolve health check errors.

Environment

  • App Control Server: All Supported Versions
  • App Control Agent: All Supported Versions

Cause

The Agent Health Check Guide states:

FailureID[390] indicates the parity.sys driver did not appear in a system enumeration of device drivers. This can sometimes occur due to flaws in the system API on older versions of Windows prior to Vista, but oftentimes can indicate kernel mode manipulation of data structures used to track device drivers. Such manipulation may be malicious and indicate kernel mode malware is present.

Resolution

The Agent will need to be uninstalled and reinstalled.

Additional Information

When the Agent Kernel is missing, this can trigger additional Health Checks, such as FailureId[590]. For example:

The Service[wuauserv] State[4] Pid[113208] is running but process information is missing. Options[00000003] TotalFailures[17] FailureId[590]
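
For triage across many endpoints, the two event formats above can be parsed and grouped so that FailureId[590] on a host that also reports FailureId[390] is treated as a likely side effect rather than a separate problem. This is an added example, not code from the product or its documentation; the function names and host names are hypothetical, and the Options value is kept as a raw string because this article does not define its bits.

```python
import re
from collections import defaultdict

# Trailing fields shared by the two event messages quoted in this article.
EVENT_RE = re.compile(
    r"^(?P<message>.*?)\s*Options\[(?P<options>[0-9A-Fa-f]+)\]\s+"
    r"TotalFailures\[(?P<total>\d+)\]\s+FailureId\[(?P<fid>\d+)\]\s*$"
)
KERNEL_MISSING = 390  # parity.sys absent from the driver enumeration

def parse_event(text):
    """Split one health check event into its fields; None if it does not match."""
    m = EVENT_RE.match(text.strip())
    if m is None:
        return None
    return {
        "message": m.group("message"),
        "options": m.group("options"),  # raw string, not interpreted
        "total_failures": int(m.group("total")),
        "failure_id": int(m.group("fid")),
    }

def triage(events):
    """events: iterable of (host, event_text). Returns {host: {primary, secondary}}."""
    ids_by_host = defaultdict(set)
    for host, text in events:
        parsed = parse_event(text)
        if parsed is not None:
            ids_by_host[host].add(parsed["failure_id"])
    result = {}
    for host, ids in ids_by_host.items():
        if KERNEL_MISSING in ids:
            # Other failures here may be side effects of the missing kernel driver.
            result[host] = {"primary": KERNEL_MISSING,
                            "secondary": sorted(ids - {KERNEL_MISSING})}
        else:
            result[host] = {"primary": None, "secondary": sorted(ids)}
    return result

# Constructed sample: event text taken from this article, host names invented.
E390 = "Agent kernel is missing. Options[00000007] TotalFailures[14] FailureId[390]"
E590 = ("The Service[wuauserv] State[4] Pid[113208] is running but process "
        "information is missing. Options[00000003] TotalFailures[17] FailureId[590]")
SAMPLE_EVENTS = [("HOST-A", E390), ("HOST-A", E590), ("HOST-B", E590)]

if __name__ == "__main__":
    for host, verdict in triage(SAMPLE_EVENTS).items():
        print(host, verdict)
```

A host whose primary is 390 is the one to examine for kernel mode tampering before the Agent is uninstalled and reinstalled; a host reporting only 590 needs to be looked at on its own terms.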