On-access scanning in Bitdefender Endpoint Security Tools for Linux
This section describes how to troubleshoot On-access scanning on Bitdefender Endpoint Security Tools for Linux.
In some situations, On-access scanning from Bitdefender Endpoint Security Tools may not properly work on the Linux endpoint. There are two main possible causes:
On-access scanning is disabled from the policy settings regarding the Antimalware module.
On-access scanning is incompatible with certain security policies applied on that endpoint. This usually happens because of missing dependencies on the endpoint operating system.
To find out why On-Access scanning is not working, you have to verify:
The status of the Antimalware module
The conditions required by Bitdefender Endpoint Security Tools for Linux
The status of the Antimalware module
Verify that the Antimalware module On-access scanning is enabled on the security agent, run the following command:
sudo /opt/BitDefender/bin/bduitool get ps
Command output
Product version: 6.2.20.63 Last succeeded update: 2018-05-07 at 19:05:28 New product update available: no Signatures version: 7.75906 New signatures update available: yes Installed scan type: Full Installed scan type fallback: None Currently used scan type: Full Features:- Antimalware status: Off
In this output, the Antimalware module status is Off. This is only referring to the On-access scanning feature of the Antimalware module.
The On-demand scanning feature of the Antimalware module is always enabled.
Conditions required by Bitdefender Endpoint Security Tools for Linux
To make sure that the Antimalware module is working properly, check the following conditions:
The endpoint has a security policy active that does not disable On-access scanning. Also, check in the GravityZone console that On-access scanning for Linux option is enabled in the policy and has target paths defined in the list.
The endpoint is correctly communicating with the GravityZone console or with the assigned relay endpoint.
The endpoint is licensed correctly. Go to the Network page from the left side menu, in GravityZone Control Center, and make sure that the endpoint does not have Pending or Expired status under Protection Layers section.
The endpoint can successfully connect to its allocated Security Server through ports 7081 and 7083, if the Scan Type is set to Remote. This information is displayed by running the bduitool get ps command.
In case the remote scan is used, no fallback engine is configured, and the endpoint cannot communicate with Security Server, then the Antimalware module will not work at all. For example, run the following command:
sudo /opt/BitDefender/bin/bduitool get ps
In this case, the output will look like this:
Product version: 6.2.20.87Last succeeded update: 2018-10-31 at 16:48:55New product update available: noSignatures version: 7.77462New signatures update available: yesInstalled scan type: RemoteInstalled scan type fallback: NoneCurrently used scan type: NoneFeatures:- Antimalware status: Off
The security agent is using a newer kernel than 2.6.37 and the Fanotify feature is active in the kernel. To learn how to configure Fanotify in Debian 8, refer to Bitdefender Endpoint Security Tools compatibility with Debian 8.
SELinux is disabled or set to Permissive on the endpoint. If SELinux is active with Enforcing setting, On-access scanning will not function correctly. For details about managing SELinux on systems running BEST, refer to Making SELinux compatible with On-Access scanning in BEST Linux.
For endpoints using kernels with version 2.6.36 or below, the DazukoFS kernel module is installed and loaded for supported kernel versions. To check if the DazukoFS module is loaded, run the following command:
lsmod | grep dazuko
If all the above conditions are met, but the Antimalware module is still disabled, contact the Bitdefender Business Support Team.