Dear Valued RSA Customer,
RSA has found an issue in the RSA Netwitness Endpoint 4.2 Windows Agent, which can cause certain endpoints to crash. A fix is being created, and will be made available in an upcoming patch.
RSA Netwitness Endpoint 4.2 Microsoft Windows agents deployed in the “No Monitoring” or “Network Monitoring Only” mode. (Agents deployed in “Full User Monitoring” or “Full User Monitoring – Exclude Network Events” modes will remain unaffected by this condition).
When the Global Parameters or Machine Group features are used to disable and re-enable blocking across a group of agents, the later switch causes agents targeted by the re-enable command to crash (BSOD).
- For RSA Netwitness Endpoint 4.2 deployments where this crash has occurred, the solution is to re-install the agent and reboot the machine. As long as the sequence described in the Scenario Detail paragraph does not re-occur, the agents will be stable and no crashes will occur.
- For RSA Netwitness Endpoint 4.2 deployments where the Windows Agents are deployed in No Monitoring / Network Monitoring Only mode, please do not toggle the Blocking feature off and then on before an upgrade becomes available.
- For RSA Netwitness Endpoint 4.2 server-only deployments (new server, older 4.1.* Windows agents), or deployments in which the new agents are deployed in full monitoring mode, do nothing. These deployments are not affected. Also unaffected are Linux and OS X agents.
- For planned upgrades and new deployments, please defer to the upcoming patch, which will remove this risk.
RSA has a defined End of Primary Support policy associated with all major versions. Please refer to the Product Version Life Cycle for additional details.