Article Number
000001608
Applies To
RSA Product Set: NetWitness Endpoint
RSA Version/Condition: 4.3.0.0, 4.3.0.1
Platform: Windows
Issue
The Endpoint agent during an upgrade of the agent to 4.3.0.1 will show a reboot required message with a red slash through the machine in the machine's tab and also when opening the machine itself in the UI:
Cause
Due to known upgrade issues with the NetWitness Endpoint agent moving to 4.3 from a prior version, the kernel driver error 0x20010007 code is detected, which informs the UI that the agent needs a reboot in order to enable correct functionality of the kernel driver on the agent endpoint, otherwise full functionality will be impaired when tracking data, scanning, or using containment features or blocking.
Resolution
To resolve this issue, the agent must first be rebooted.
- Go to the agent in the UI during a window frame when it will not disrupt normal business operations on the endpoint in question and right-click the machine in the Machines tab go to Advanced>Reboot
- When the popup box asking if you wish to reboot the agent appears, select Yes
- Go to a command prompt and run ping -t <ip_of_rebooted_machine> to check for when the machine goes offline which may take some time and when it starts pinging again
Open the UI again and check the state of the machine. It may still show a red icon indicating it is not rebooted: