Imperva Cyber Community

communities_1.jpg
 View Only
  • 1.  Issue on Windows Agent and NDIS error Message

    Posted 12-16-2022 09:12
    Hi everyone

    Im facing an issue with a windows's agent. These are the specs:

    1- Agent version: 14.5.0.71.0.628188
    2- Windows Versión: MS Windows Server 2016 Standard Edition 64bits
    3- SecureSphere versión (MX/GW): 13.6.0.88_0

    The issue:
    1- Agent sometimes didnt see audit at all. 
    2- When it see it, records have Hashed users message.
    3- Agent fail to come back after a restart. I tried GUI and CLI. Same results. We have to reinstalled it again.
    4- Checking agent logs we found a NDIS message and after that a series of more errors and crashings.
    5- Server network driver support NDIS.  

    I have no idea what is wrong or what is blocking agent see NDIS on the network card driver

    This is part of the Watchdog's log


    Apreciate any clue or idea you have to solve this.

    Thanks

    Regards









    #DatabaseActivityMonitoring
    #ImpervaAgent

    ------------------------------
    Freddy Brito
    Deploy, Support & Pre sales
    DAITEK S.A.
    Buenos Aires
    ------------------------------


  • 2.  RE: Issue on Windows Agent and NDIS error Message

    Posted 22 days ago

    Hi Freddy,

    I just wanted to check in on this post as I see there were no public responses. Did you manage to get to the bottom of your issue?

    Thanks,
    Sarah



    ------------------------------
    Sarah Lamont
    Digital Community Manager
    ------------------------------



  • 3.  RE: Issue on Windows Agent and NDIS error Message

    Posted 22 days ago
    Hi Thanks for answering


    oh Yes, I think. I have an open case for this and I 'll close it today (I hope). At the end of the day  I 'll update this post

    Thanks again

    Regards  



    --
      
    Freddy Brito
    freddy.brito@daitek.com.ar

    Avda Corrientes 3360 Piso 12

    C1193AAS - CABA - Argentina

    t + 54 11 5275 9710 | c +54 9 11 2653 9420 

    info@daitek.com.ar | www.daitek.com.ar






  • 4.  RE: Issue on Windows Agent and NDIS error Message

    Posted 22 days ago
    Awesome! Thanks, Freddy.

    ------------------------------
    Sarah Lamont
    Digital Community Manager
    ------------------------------



  • 5.  RE: Issue on Windows Agent and NDIS error Message

    Posted 19 days ago
    Hi

    We finally closed this case last week and I want to say that this was a confusing case. Keep me scratching my head for a long time. 

    All the issues reported where caused by a lack of permissions in a remote unit. After solving this, agent started working as expected.

    The configuration used as default for this customer is:
    In red the remote unit where this agent could not write.

    <agent-config>
    <quota>8000</quota>
    <external-traffic-monitoring-in-kern>1</external-traffic-monitoring-in-kern>
    <mssql-advanced-monitoring>1</mssql-advanced-monitoring>
    <system-events-ipv6-listener-identified-enable>false</system-events-ipv6-listener-identified-enable>
    <files-dir>H:\Seguridad\Imperva</files-dir>
    <logger-dir>H:\Seguridad\Imperva</logger-dir>
    </agent-config>



    According to my records (old GTIs), an agent v14.4 was working fine months ago. But at sometime, the user that run ragent process lost permission on that remote unit.

    I hope this will be useful for somebody.
    I have to thanks support for all the help provided on this.

    Regards





    ------------------------------
    Freddy Brito
    Deploy, Support & Pre sales
    DAITEK S.A.
    Buenos Aires
    ------------------------------



  • 6.  RE: Issue on Windows Agent and NDIS error Message

    Posted 18 days ago
    Hi Freddy,

    Thanks so much for this update! I have no doubt this info will be useful to others.

    Thanks,

    ------------------------------
    Sarah Lamont
    Digital Community Manager
    ------------------------------