Carbon Black Cloud: Linux Sensor Goes into Bypass On Kernels 4.4+

Article ID: 291170

Products

  • Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
  • Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)

Issue/Introduction

  • Sensor enters bypass mode after installation
  • Logs show errors: 
    BpfCollectorIf : StartBpfCollector : Waiting for connection to collector 2838786
    DriverComms : LogConnectFailure : Failed to connect to collector 2910 times: kernel not ready yet
  • Searching the Inventory page for sensors whose kernel headers are not installed returns the impacted devices:
    sensorStates:KERNEL_HEADERS_NOT_INSTALLED

Environment

  • Carbon Black Cloud Sensor: 2.10.x +
  • Linux: All Supported Versions
    • Kernel 4.4 or Higher

Cause

The kernel headers are not installed.

Resolution

See the section "Prerequisites for Linux 4.4+ Kernels for Linux sensor versions 2.10+" of the installation guide to ensure the headers are installed:
https://docs.vmware.com/en/VMware-Carbon-Black-Cloud/services/cbc-sensor-installation-guide/GUID-11F7F7A9-9F85-473F-9C09-430F332F8870.html
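
A local triage check for the condition described above, as an added example that is not Carbon Black or VMware code. It assumes the usual Debian/Ubuntu and RHEL-family header locations, takes the sensor log path as an argument because this article does not name it, and uses verdict labels (`HEADERS_MISSING`, `OTHER_CAUSE`, `OK`) that are hypothetical:

```shell
#!/bin/sh
# Added example, not vendor code. Assumptions: header directories are the usual
# Debian/Ubuntu and RHEL-family ones; the caller supplies the sensor log path.

# headers_present ROOT KREL: succeed if headers for kernel KREL exist under ROOT.
headers_present() {
    for d in "$1/lib/modules/$2/build" "$1/usr/src/linux-headers-$2" \
             "$1/usr/src/kernels/$2"; do
        # -d follows symlinks, so a dangling "build" link counts as missing.
        if [ -d "$d" ] && [ -n "$(ls -A "$d" 2>/dev/null)" ]; then return 0; fi
    done
    return 1
}

# max_connect_failures LOG: print the highest N seen in
# "Failed to connect to collector N times: kernel not ready yet" (0 if none).
max_connect_failures() {
    sed -n 's/.*Failed to connect to collector \([0-9][0-9]*\) times: kernel not ready yet.*/\1/p' "$1" |
        sort -n | tail -n 1 | grep . || echo 0
}

# triage LOG [ROOT] [KREL]: print a one-line verdict (hypothetical labels).
triage() {
    t_log=$1; t_root=${2:-}; t_krel=${3:-$(uname -r)}
    t_fails=$(max_connect_failures "$t_log")
    if headers_present "$t_root" "$t_krel"; then
        if [ "$t_fails" -gt 0 ]; then
            echo "OTHER_CAUSE kernel=$t_krel connect_failures=$t_fails"
        else
            echo "OK kernel=$t_krel"
        fi
    else
        echo "HEADERS_MISSING kernel=$t_krel connect_failures=$t_fails"
    fi
}

# demo: the two log lines quoted in this article, checked against a
# constructed empty root and a constructed kernel release string.
demo() {
    tmp=$(mktemp -d) || return 1
    printf '%s\n' \
        'BpfCollectorIf : StartBpfCollector : Waiting for connection to collector 2838786' \
        'DriverComms : LogConnectFailure : Failed to connect to collector 2910 times: kernel not ready yet' \
        > "$tmp/sensor.log"
    triage "$tmp/sensor.log" "$tmp" "5.15.0-constructed"
    rm -rf "$tmp"
}

if [ "$#" -gt 0 ]; then triage "$@"; fi
```

An `OTHER_CAUSE` verdict means the connection failures are logged even though headers for the running kernel are present, so the cause given in this article does not explain that host.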

Additional Information

As of December 2022, there is a known issue, EA-21554, which causes "bypass status (Contact support)" when the kernel headers are not installed.