Guest Introspection Linux thin agent sends same file multiple times for scan
search cancel

Guest Introspection Linux thin agent sends same file multiple times for scan

book

Article ID: 330838

calendar_today

Updated On:

Products

VMware NSX

Issue/Introduction

Symptoms:
  • Linux thin agent sends the same file multiple times for a scan.
  • Performance degradation might be observed for guest VM.


Environment

VMware NSX for vSphere 6.3.x

Cause

When a file is sent for scan to the partner appliance, its verdict is stored in a local cache. The Linux thin agent uses hashtable provided by the glib library for storing the verdict in the cache.

When the cache becomes full, addition of next entry in the cache evicts latest entry added to the table, replacing it with newly scanned file verdict. As a result, once the verdict cache is full, the most recently scanned file can be sent for rescan.

Cache sizes are variable and are function of system resources.

Resolution

This issue is resolved in VMware NSX for vSphere 6.4.5 and later versions with the Guest Introspection Linux thin agent driver version 8.0.0.

Note: The cache eviction algorithm is changed to evacuate a random entry from the hash table.

Additional Information

For more information, see Install the Guest Introspection Thin Agent on Linux Virtual Machines section of the NSX Administration Guide.