Troubleshoot On-access scanning in Bitdefender Endpoint Security Tools for Linux

This article describes how to troubleshoot On-access scanning in Bitdefender Endpoint Security Tools for Linux.

Issue

In some situations, On-access scanning from Bitdefender Endpoint Security Tools may not work properly on the Linux endpoint. There are two main possible causes:

  • On-access scanning is disabled in the policy settings of the Antimalware module.
  • On-access scanning is incompatible with certain security policies applied on that endpoint. This usually happens because of missing dependencies on the endpoint operating system.

Solution

To find out why On-Access scanning is not working, you have to verify:

  1. The status of the Antimalware module
  2. The conditions required by Bitdefender Endpoint Security Tools for Linux

1. The status of the Antimalware module

To verify that On-access scanning of the Antimalware module is enabled on the security agent, run the following command:

sudo /opt/BitDefender/bin/bduitool get ps

Example

Product version: 6.2.20.63
Last succeeded update: 2018-05-07 at 19:05:28
New product update available: no
Signatures version: 7.75906
New signatures update available: yes
Installed scan type: Full
Installed scan type fallback: None
Currently used scan type: Full
Features:
- Antimalware status: Off

In this example, the Antimalware module status is Off. This status refers only to the On-access scanning feature of the Antimalware module.

The On-demand scanning feature of the Antimalware module is always enabled.

2. Conditions required by Bitdefender Endpoint Security Tools for Linux

To make sure that the Antimalware module is working properly, check the following conditions:

  • The endpoint has an active security policy that does not disable On-access scanning. Also, check in the GravityZone console that the On-access scanning for Linux option is enabled in the policy and has target paths defined in the list.
  • The endpoint is correctly communicating with the GravityZone console or with the assigned relay endpoint.
  • The endpoint is licensed correctly. Go to the Network page, in GravityZone Control Center, and make sure that the endpoint does not have Pending or Expired status under the Protection Layers section.
  • The endpoint can successfully connect to its allocated Security Server through ports 7081 and 7083, if the Scan Type is set to Remote. This information is displayed by running the bduitool get ps command.

    If remote scanning is used, no fallback engine is configured, and the endpoint cannot communicate with the Security Server, the Antimalware module will not work at all. For example, run the following command:

    sudo /opt/BitDefender/bin/bduitool get ps

    In this case, the output will look like this:

    Product version: 6.2.20.87
    Last succeeded update: 2018-10-31 at 16:48:55
    New product update available: no
    Signatures version: 7.77462
    New signatures update available: yes
    Installed scan type: Remote
    Installed scan type fallback: None
    Currently used scan type: None
    Features:
    - Antimalware status: Off
  • The security agent is using a kernel newer than 2.6.37 and the Fanotify feature is active in the kernel. To learn how to configure Fanotify in Debian 8, refer to this KB article.
  • SELinux is disabled or set to Permissive on the endpoint. If SELinux is active with Enforcing setting, On-access scanning will not function correctly. For details about managing SELinux on systems running BEST, refer to this KB article.
  • For endpoints using kernels with version 2.6.36 or below, the DazukoFS kernel module is installed and loaded for supported kernel versions. To check if the DazukoFS module is loaded, run the following command:
    lsmod | grep dazuko
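
The checks above, as an added shell example that is not Bitdefender's own code: it sorts bduitool get ps output into the cases this article describes and maps a kernel release to Fanotify or DazukoFS. The function names and result labels are assumptions; the sample status text is trimmed from the article's two example outputs.

```shell
# Added example (not Bitdefender code). Function names and labels are assumptions.

# Print the value of the "Key: value" line named $2 in the status text $1.
ps_field() {
    printf '%s\n' "$1" | sed -n "s/^[[:space:]-]*$2:[[:space:]]*//p" | head -n 1
}

# Classify a status report into one of four labels.
diagnose_ps() {
    status=$(ps_field "$1" "Antimalware status")
    installed=$(ps_field "$1" "Installed scan type")
    fallback=$(ps_field "$1" "Installed scan type fallback")
    current=$(ps_field "$1" "Currently used scan type")
    if [ -z "$status" ]; then
        echo "no-status"                  # no status line found: did the tool run?
    elif [ "$status" != "Off" ]; then
        echo "not-off"                    # On-access scanning is not reported Off
    elif [ "$installed" = "Remote" ] && [ "$fallback" = "None" ] && [ "$current" = "None" ]; then
        echo "remote-no-fallback"         # check Security Server ports 7081 and 7083
    else
        echo "check-policy-and-prereqs"   # policy, license, Fanotify, SELinux, DazukoFS
    fi
}

# Map a kernel release string to the mechanism the article names for it.
kernel_backend() {
    ver=${1%%[!0-9.]*}                    # "4.19.0-21-amd64" -> "4.19.0"
    old_ifs=$IFS; IFS=.; set -- $ver; IFS=$old_ifs
    n=$(( ${1:-0} * 1000000 + ${2:-0} * 1000 + ${3:-0} ))
    if [ "$n" -le 2006036 ]; then echo "dazukofs"
    elif [ "$n" -eq 2006037 ]; then echo "unspecified"   # article covers only >2.6.37 and <=2.6.36
    else echo "fanotify"
    fi
}

# Sample status text trimmed from the article's Remote and Full examples.
SAMPLE_REMOTE='    Installed scan type: Remote
    Installed scan type fallback: None
    Currently used scan type: None
    - Antimalware status: Off'
SAMPLE_FULL='Installed scan type: Full
Installed scan type fallback: None
Currently used scan type: Full
- Antimalware status: Off'

diagnose_ps "$SAMPLE_REMOTE"
diagnose_ps "$SAMPLE_FULL"
kernel_backend "$(uname -r)"
# Live use: diagnose_ps "$(sudo /opt/BitDefender/bin/bduitool get ps)"
```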

If all the above conditions are met, but the Antimalware module is still disabled, contact the Bitdefender Business Support Team.

