When McAfee Agent restores database files, it causes a port conflict with some third-party applications
Last Modified: 2022-02-11 20:35:55 Etc/GMT
Affected Products
Languages:
This article is available in the following languages:
Trellix CEO, Bryan Palma, explains the critical need for security that’s always learning.
As per Gartner, "XDR is an emerging technology that can offer improved threat prevention, detection and response."
Trellix announced the establishment of the Trellix Advanced Research Center to advance global threat intelligence.
Trellix Advanced Research Center analyzes threat data on ransomware, nation-states, sectors, vectors, LotL, MITRE ATT&CK techniques, and emails.
As of May 14, 2024, Knowledge Base (KB) articles will only be published and updated in our new Trellix Thrive Knowledge space.
Log in to the Thrive Portal using your OKTA credentials and start searching the new space. Legacy KB IDs are indexed and you will be able to find them easily just by typing the legacy KB ID.
When McAfee Agent restores database files, it causes a port conflict with some third-party applications
Technical Articles ID:
KB94871
Last Modified: 2022-02-11 20:35:55 Etc/GMT Environment
McAfee Agent (MA) 5.7.0 - 5.7.4, 5.6.x Supported Linux operating systems For environment information, see KB51573 - Supported platforms for McAfee Agent 5.x. Problem
When you restart the Linux server, the McAfee Agent performs a database integrity check before the services start. This action can cause a conflict if a third-party product is listening to the McAfee Agent wakeup port. The default port used is 8081, even if you’re using custom ports. NOTE: A third-party product can't bind to the port because the McAfee Agent is using it. The McAfee Agent updates its custom port on every ASCI, which frees the port. You see errors similar to the following in the maconfig.Error: MA databases integrity check failed = (2) maconfig.Info: restore backed up configuration file </var/McAfee/agent/db/ma.db.config> to </var/McAfee/agent/db/ma.db>. maconfig.Info: deleting the database files maconfig.Info: file </var/McAfee/agent/db/ma.db> cleaned up. maconfig.Info: file </var/McAfee/agent/db/mapolicy.db> cleaned up. maconfig.Info: file </var/McAfee/agent/db/matask.db> cleaned up. maconfig.Info: file </var/McAfee/agent/db/mascheduler.db> cleaned up. maconfig.Info: file </var/McAfee/agent/db/macmnsvc.db> cleaned up. maconfig.Info: file </var/McAfee/agent/db/msgbus.db> cleaned up. maconfig.Info: setup the agent databases maconfig.Warning: agent.ini file is not available to get the custom ports maconfig.Info: Keeping agent GUID as {xxxxx-xxxx-xxxxx} maconfig.Info: Keeping agent sequence no: 1234 maconfig.Info: healthcheck and restore is successful. Solution
This issue is resolved in McAfee Agent 5.7.5, which is available from the ePO Software Manager or the Product Downloads site. To view other known and resolved issues, see KB93773 - McAfee Agent 5.7.x Known Issues. NOTE: You need a valid Grant Number to access the update. Workaround
Edit two files and disable
Example:
Before: # MA common services start echo "" if [ ! -d /var/McAfee/.msgbus ] then mkdir /var/McAfee/.msgbus chmod 777 /var/McAfee/.msgbus chmod o+t /var/McAfee/.msgbus fi if [ $PPID -eq 1 ] then echo "MA services are started by init process" ma_check_and_restore fi After # MA common services start echo "" if [ ! -d /var/McAfee/.msgbus ] then mkdir /var/McAfee/.msgbus chmod 777 /var/McAfee/.msgbus chmod o+t /var/McAfee/.msgbus fi if [ $PPID -eq 1 ] then echo "MA services are started by init process" #ma_check_and_restore fi
Affected ProductsLanguages:This article is available in the following languages: |
|