Data Exchange Layer client can't connect to the DXL broker
Last Modified: 2023-03-20 21:16:33 Etc/GMT
Affected Products
Languages:
This article is available in the following languages:
Trellix CEO, Bryan Palma, explains the critical need for security that’s always learning.
As per Gartner, "XDR is an emerging technology that can offer improved threat prevention, detection and response."
Trellix announced the establishment of the Trellix Advanced Research Center to advance global threat intelligence.
Trellix Advanced Research Center analyzes threat data on ransomware, nation-states, sectors, vectors, LotL, MITRE ATT&CK techniques, and emails.
As of May 14, 2024, Knowledge Base (KB) articles will only be published and updated in our new Trellix Thrive Knowledge space.
Log in to the Thrive Portal using your OKTA credentials and start searching the new space. Legacy KB IDs are indexed and you will be able to find them easily just by typing the legacy KB ID.
Data Exchange Layer client can't connect to the DXL broker
Technical Articles ID:
KB89060
Last Modified: 2023-03-20 21:16:33 Etc/GMT Environment
Data Exchange Layer (DXL) 6.x, 5.x Symantec Drive Encryption Other third-party vendor applications Problem
The DXL client is successfully installed but can't connect to the DXL broker, even though there are no connectivity problems or any other issues in the DXL logs.
Cause
A third-party vendor application injecting a DLL into our services causes this issue. For example: Symantec Drive Encryption. You can use Process Explorer to see which DLLs are injected into any given process. For the DXL client, it is Solution
These DLLs must be listed in the policy Endpoint Security Common in the Certificates section. NOTE: This section is only visible if you select Show Advanced. These DLLs must be selected to allow our internal kernel driver to allow them. Then, the DXL client can successfully connect to the fabric because the DXL client is also using our internal kernel driver. Workaround
If the DLLs are not listed in the Common policy, or unsigned DLLs are injected, perform the following steps:
Affected ProductsLanguages:This article is available in the following languages: |
|