000037429 - RSA NetWitness Endpoint Agent Crashing during scan

Document created by RSA Customer Support Employee on May 28, 2019
Version 1

Article Content

Article Number: 000037429
Applies To:
RSA Product Set: NetWitness Endpoint
RSA Product/Service Type: NetWitness Endpoint
RSA Version/Condition: 4.4.0.6
Platform: Windows
Issue: Active scanning causes the agent to crash on certain endpoints. This happens during registry discrepancy scans, where the registry in question may have some corrupt or unreadable entries.
Cause: The registry scan fails because of both memory over-allocation and a memory heap issue that causes the agent to crash and be restarted.
Resolution: Upgrade to version 4.4.1.0 or later, which includes the memory fixes.
Workaround: The crash can be avoided by running a manual scan without the registry discrepancies option selected.
