The following section describes the known problems of AppDefense with Linux VMs.

Solution

  1. For RHEL 7.1, 7.2 and CentOS 7.1, 7.2, use kernel version >= 3.10.0-514.el7.x86_64 for optimal performance. Otherwise, upgrade to RHEL 7.3 and above, or CentOS 7.3 and above.
  2. Problem: Upgrading the guest module on an Ubuntu VM from any previous release to the 2.3 release does not work. To upgrade an Ubuntu VM, perform the following steps.
    1. Remove the Ubuntu package from the system using the sudo apt-get purge vmw-glx Guest-Introspection-for-VMware-NSX command.
    2. Install version 2.3 of the AppDefense Guest Module on the Ubuntu system as described in Install Guest Module on Linux System Using VMware Package Repository.
  3. Problem: The guest driver uses the VMware Virtual Machine Communication Interface (VMCI) channel to communicate with the host.
    VMCI is an upstream gateway and has a known problem with the vsock (1.0.1.0-k), vmw_vsock_vmci_transport (1.0.2.0-k), and vmw_vmci (1.1.3.0-k) drivers.

    To work around this problem, upgrade the mentioned drivers to the versions suggested by the Linux distribution.

  4. Problem: AppDefense does not work in virtual machines that have Fault Tolerance (FT) enabled.
    The underlying infrastructure required by AppDefense does not work with Fault Tolerant virtual machines. This limitation applies to both Linux and Windows guest virtual machines. On Fault Tolerant systems, AppDefense drivers do not run due to VMCI interop issues. You must disable Fault Tolerance. For more information about disabling Fault Tolerance, refer to the Knowledge Base Article.
  5. Problem: The parent process command-line information is shown to provide more information about the process. Sometimes, the parent process command-line information is not correct or reliable.
    The parent process information is not used for any policy making or decision. The following information is displayed for the processes that exist when the AppDefense guest agent starts.
    • Process binary absolute path.
    • Process MD5 and SHA256 hashes.
    • Command line the process started with PID (process identity).

    The following information is displayed for the processes that are created after the AppDefense guest agent starts.

    • Parent Process binary absolute path.
    • Parent Process MD5 and SHA256 hashes.
    • Parent Command line the process started with PPID (parent process identity).
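
For problem 3 above, a guest can be checked for the three listed VMCI driver versions before AppDefense is installed. The script below is an added example, not VMware's own tooling; the function names, the lookup hook and the `--run` argument are assumptions made for illustration. A status of `ok` only means the version is not one of those listed on this page.

```shell
#!/bin/sh
# Driver versions this page lists as having the known VMCI problem.
KNOWN_BAD='vsock=1.0.1.0-k
vmw_vsock_vmci_transport=1.0.2.0-k
vmw_vmci=1.1.3.0-k'

# Print the version of kernel module $1, or nothing if it is unknown.
# Prefers the loaded module (/sys/module), then the on-disk one (modinfo).
installed_version() {
    if [ -r "/sys/module/$1/version" ]; then
        cat "/sys/module/$1/version"
    elif command -v modinfo >/dev/null 2>&1; then
        modinfo -F version "$1" 2>/dev/null || true
    fi
}

# Print "<module> <version> <status>" for each driver named on the page.
# $1: lookup function (hypothetical hook, defaults to installed_version).
# Returns 1 if any driver is at a version the page lists, otherwise 0.
check_vmci_drivers() {
    lookup=${1:-installed_version}
    rc=0
    for entry in $KNOWN_BAD; do
        mod=${entry%%=*}    # text before '='
        bad=${entry#*=}     # text after '='
        ver=$("$lookup" "$mod") || ver=""
        if [ -z "$ver" ]; then
            echo "$mod - not-found"
        elif [ "$ver" = "$bad" ]; then
            echo "$mod $ver AFFECTED"
            rc=1
        else
            echo "$mod $ver ok"
        fi
    done
    return $rc
}

# Run on the guest with: sh <this file> --run
if [ "${1:-}" = "--run" ]; then
    check_vmci_drivers || exit 1
fi
```

A non-zero exit status means at least one driver should be upgraded to the version suggested by the Linux distribution.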