Linux 8.8.4 toggle kernel exclusion effectiveness
search cancel

Linux 8.8.4 toggle kernel exclusion effectiveness

book

Article ID: 413493

calendar_today

Updated On:

Products

Carbon Black App Control

Issue/Introduction

In Linux Agent 8.8.4 due to design changes, kernel exclusions were moved to user mode reducing their effectiveness

Environment

  • App Control Linux Agent: 8.8.4

Resolution

Kernel Exclusions will be reverted back to the kernel by default in the upcoming 8.8.6 Agent version

In the meantime, the following steps will enable Kernel Exclusions at the kernel level for Linux Agent 8.8.4+

  1. Log in to the Console and navigate to https://ServerAddress/agent_config.php
  2. Click Add Agent Config and use the following details:
    • Name: Enable Kernel Exclusions on Linux (or similar)
    • Host ID: 0
    • Value
      exclusions_at_eventshandler=1
    • Platform: Linux
    • Create For: All Policies
  3. Click Save and Exit
  4. Verify the Agent shows as Connected & Up to Date

Additional Information

Powered by Wolken Software