Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Carbon Black Cloud: Linux Sensor Goes into Bypass On Kernels 4.4+

Carbon Black Cloud: Linux Sensor Goes into Bypass On Kernels 4.4+

Environment

  • Carbon Black Cloud Sensor: 2.10.x +
  • Linux: All Supported Versions
    • Kernel 4.4 or Higher

Symptoms

  • Sensor enters bypass mode after installation
  • Logs show errors: 
    BpfCollectorIf : StartBpfCollector : Waiting for connection to collector 2838786
    DriverComms : LogConnectFailure : Failed to connect to collector 2910 times: kernel not ready yet
  • Searching on Inventory page for kernel headers not being installed returns impacted devices
    sensorStates:KERNEL_HEADERS_NOT_INSTALLED

Cause

Kernel headers not installed

Resolution

See section "Prerequisites for Linux4.4+ Kernels for Linux sensor versions 2.10+" of the Installation guide to ensure the headers are installed:
Prerequisites for Linux 4.4+ Kernels for Linux Sensor Versions 2.10+

Additional Notes

As of December 2022 there is a known issue EA-21554 which causes "bypass status (Contact support)" when the kernel headers are not installed

Related Content


Was this article helpful? Yes No
100% helpful (1/1)
Article Information
Author:
Creation Date:
‎01-05-2021
Views:
2783
Contributors