ENSLTP doesn't restart after upgrading to McAfee Agent 5.7.4
Last Modified: 2022-02-24 13:59:03 Etc/GMT
Affected Products
Languages:
This article is available in the following languages:
Trellix CEO, Bryan Palma, explains the critical need for security that’s always learning.
As per Gartner, "XDR is an emerging technology that can offer improved threat prevention, detection and response."
Trellix announced the establishment of the Trellix Advanced Research Center to advance global threat intelligence.
Trellix Advanced Research Center analyzes threat data on ransomware, nation-states, sectors, vectors, LotL, MITRE ATT&CK techniques, and emails.
After December 1, 2024, please log in to the Thrive Portal for support, knowledge articles, tools, and downloads. For information about using the Thrive Portal, view the Trellix Thrive Portal User Guide.
ENSLTP doesn't restart after upgrading to McAfee Agent 5.7.4
Technical Articles ID:
KB94891
Last Modified: 2022-02-24 13:59:03 Etc/GMT Environment
McAfee Agent (MA) 5.7.0–5.7.4 Endpoint Security for Linux Threat Prevention (ENSLTP) 10.x Red Hat Linux 8 Security-Enhanced Linux (SELinux) Problem 1
The ENSLTP service doesn’t restart after you upgrade to MA 5.7.4. You see this issue on systems that have the following installed before the upgrade:
Problem 2
The following is recorded in the NOTE: The ENSLTP service starts, but denied errors are recorded: type=AVC msg=audit(1629206048.957:208): avc: denied { read open } for pid=3130 comm="sh" path="/opt/McAfee/ens/tp/init/mfetpd-control.sh" dev="dm-0" ino=69536799 scontext=system_u:system_r:mfe_ma_masvc_t:s0 tcontext=system_u:object_r:mfe_ens_t:s0 tclass=file permissive=1 type=AVC msg=audit(1629206039.181:198): avc: denied { getattr } for pid=3086 comm="sh" path*="/usr/sbin/dmidecode*" dev="dm-0" ino=898249 scontext=system_u:system_r:mfe_ma_masvc_t:s0 tcontext=system_u:object_r:dmidecode_exec_t:s0 tclass=file permissive=1 The following is recorded in the NOTE: You see the same errors, but the ENSLTP process doesn’t restart. type=AVC msg=audit(1629205035.560:228): avc: denied { getattr } for pid=3424 comm="sh" path="/opt/McAfee/ens/tp/init/mfetpd-control.sh" dev="dm-0" ino=34854683 scontext=system_u:system_r:mfe_ma_masvc_t:s0 tcontext=system_u:object_r:mfe_ens_t:s0 tclass=file permissive=0 Solution
This issue is resolved in ENSLTP 10.7.7. Our product software, upgrades, maintenance releases, and documentation are available on the Product Downloads site.
NOTE: You need a valid Grant Number for access. See KB56057 - How to download product updates and documentation for more information about the Product Downloads site, and alternate locations for some products. Workaround
On a system where the SELinux module is enabled, you must manually start the ENSLTP service.
Affected ProductsLanguages:This article is available in the following languages: |
|