Linux 8.8.4 toggle kernel exclusion effectiveness
search cancel

Linux 8.8.4 toggle kernel exclusion effectiveness

book

Article ID: 413493

calendar_today

Updated On:

Products

Carbon Black App Control

Issue/Introduction

In Linux Agent 8.8.4 due to design changes, kernel exclusions were moved to user mode reducing their effectiveness

Environment

App Control Linux Agent: 8.8.4

Resolution

Kernel exclusions will be reverted back to the kernel by default in the upcoming 8.8.6 agent version.

In the meantime, make the following change that enables kernel exclusions at the kernel level:

Navigate to: https://AppCServer/Agent_config.php

Name: Enable Kernel Exclusions on Linux (or similar)
Host ID: 0
Value: 
exclusions_at_eventshandler=1
Platform: Linux
Create For: All Policies
Save and Exit
Powered by Wolken Software