|Applies To||RSA Product Set: ECAT|
RSA Product/Service Type: ECAT
RSA Version/Condition: 18.104.22.168, 22.214.171.124
|Issue||The ECAT agent during an upgrade of the agent to 126.96.36.199 will show a reboot required message with a red slash through the machine in the machine's tab and also when opening the machine itself in the UI:|
Tooltip attached to machine status displays: "Reboot required: The agent appears to be partially loaded. An endpoint reboot is required for full agent operation."
|Cause||Due to known upgrade issues with the Netwitness Endpoint agent moving to 4.3 from a prior version, the kernel driver error 0x20010007 code is detected, which informs the UI that the agent needs a reboot in order to enable correct functionality of the kernel driver on the agent endpoint, otherwise full functionality will be impaired when tracking data, scanning, or using containment features or blocking.|
|Resolution||To resolve this issue, the agent must first be rebooted.|
If the agent has been rebooted and the state doesn't update, run a Quick Scan on the agent: