This website uses cookies. By clicking Accept, you consent to the use of cookies. Click Here to learn more about how we use cookies.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
NetWitness Platform Product Advisories
Read and subscribe to the latest announcements and advisories relating to the NetWitness Platform.
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- NetWitness Community
- Products
- NetWitness Platform
- Advisories
- Product Advisories
- Technical Advisory for RSA NetWitness Endpoint 4.x agents running on Windows 10 version 1903
-
Options
- Subscribe to RSS Feed
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
Technical Advisory for RSA NetWitness Endpoint 4.x agents running on Windows 10 version 1903
Technical Advisory for RSA NetWitness Endpoint 4.x agents running on Windows 10 version 1903
Summary:
Due to recent changes in the Windows 10 version 1903 (build 18362) kernel, RSA NetWitness Endpoint 4.x (aka ECAT) agents might have received a dynamic kernel update from RSA which could, on occasion, result in a system stop (i.e. BSOD) error. All Customers should follow the steps below to mitigate this issue.
Affected Products:
RSA NetWitness Endpoint 4.x with agents running on Windows 10 version 1903.
Impact:
RSA NetWitness Endpoint agent systems running Windows 10 build 1903 might encounter a system stop (i.e. BSOD) error and reboot. RSA NetWitness Endpoint agents running other versions of Windows 10 are unaffected.
Solution:
To update deployed RSA NetWitness Endpoint servers and agents, first perform the following steps on each RSA NetWitness Endpoint server:
- Stop the RSA ECAT Server service.
- In SQL Management Studio, run the following command for each ECAT$PRIMARY and ECAT$SECONDARY database:
delete KernelData where Description like '10.0.18362.%'
- Run the following SQL command and confirm that the old kernel encodings were deleted:
There should be 0 active encodings at this time.select * from KernelData where Description like '10.0.18362.%'
- Restart the RSA ECAT Server service. Updated content should be downloaded automatically by RSA NetWitness Endpoint servers from RSA Live within 30 minutes. In environments without direct access to RSA Live, use the ConsoleServerSync utility to update kernel data.
- Confirm the content update. Run the following command:
select * from KernelData where Description like '10.0.18362.%'
Once each RSA NetWitness Endpoint server has been updated, determine if you have any remaining agents running on Windows 10 version 1903 (build 18362).
- In the RSA NetWitness Endpoint UI, click the Machines view.
- Using the Column Chooser, add a column called OS Build Number, and look for agents with build 18362.
The agents on these systems must either be upgraded or re-installed. If you are re-installing the agents, use the Force Overwrite option in the RSA NetWitness Endpoint Packager.
For additional documentation, downloads, and more, visit the RSA NetWitness Platform page on RSA Link.
EOPS Policy:
RSA has a defined End of Primary Support policy associated with all major versions. For additional details, refer to the Product Version Life Cycle.
Tags (28)
- 4.x
- Advisory
- Agent
- Announcement
- ECAT
- Endpoint
- NetWitness
- NetWitness Endpoint
- netwitness suite
- NW
- NW Endpoint
- NWE
- NWP
- Product Communication
- Product Notification
- RSA ECAT
- RSA NetWitness
- RSA NetWitness Endpoint
- RSA NetWitness Platform
- RSA Technical Advisory
- SCOL Note
- Server
- technical advisory
- Technical Alert
- Technical Communication
- Technical Notification
- Version 4.x
- Windows
No ratings
