Protected virtual machines running under Linux are unavailable in Kaspersky Security for Virtualization 4.0 Agentless

 

Kaspersky Security for Virtualization 4.0 Agentless

 
 
 

Protected virtual machines running under Linux are unavailable in Kaspersky Security for Virtualization 4.0 Agentless

Back to "Troubleshooting"
2017 May 05 ID: 13504
 
 
 
 

Starting with the SP 1 version, Kaspersky Security for Virtualization 4.0 Agentless supports compatibility of the File Anti-Virus component with virtual machines running under Linux. The product uses the VMware Linux Thin Agent driver and the updated EPSec technology included in VMware NSX.

Linux Thin Agent version 1.0.0.4662615-1 returns the error #1833418 (VMware BugId). The issue occurs on all operating systems supported by Linux Thin Agent as well as on different versions of VMware ESXi, VMware vCenter, and VMware NSX. Under certain conditions, the error causes gradual growth of open file decryptors for the vsep process, which is included into the Linux Thin Agent package. When all available decryptors are used, the protected machine becomes unavailable.

Solution 

To avoid this, you can restart the vsep process regularly by pausing protection for a few seconds. You can create a configuration script cron.d for an hourly check if vsepd requires restarting:

  1. On the protected virtual machine, create a text script file /etc/cron.hourly/vsep_restart 
  2. Enter the following text:

#!/bin/sh
SAFE_MAX_OPEN_FILES=300
VSEP_OPEN_FILES=`lsof | grep "^vsep *[0-9]* *root *[0-9]" | wc -l`
if [[ $VSEP_OPEN_FILES -gt $SAFE_MAX_OPEN_FILES ]]; then
/etc/init.d/vsepd restart
fi

To restart the process less often, you can set a bigger value for the maximum number of file decryptors for the vsep service process:

  1. open the /etc/init.d/vsepd script for editing. 
  2. After the ### END INIT INFO line, add the following line: 

ulimit -n 4096

  1. Restart the service manually using the command:

/etc/init.d/vsepd restart

  1. Check the result using the following command:

cat /proc/`ps aux | grep vsep | grep -v grep | awk '{print $2}'`/limits

In the Max open files line, set 4096 for the Soft Limit value.

When settings a bigger value for Max open files, you can also set the bigger value for SAFE_MAX_OPEN_FILES in the script /etc/cron.hourly/vsep_restart. For example, SAFE_MAX_OPEN_FILES=3000.

 
 
 
 
Was this information helpful?
Yes No
Thank you
 

 
 

How can we improve this article?

Your feedback will be used for content improvement purposes only. If you need assistance, please contact technical support.

Submit Submit

Thank you for your feedback!

Your suggestions will help improve this article.

OK