Issue
ELS kernel updates results in Crowdstrike Endpoint Detection and Response (EDR) protection becoming inactive due to a failure to recognize the updated kernel version.
Environment
- CentOS 7 ELS
- Crowstrike
Cause
TuxCare applies fixes to the kernel, resulting in changes to the package and kernel versions. Even though Application Binary Interface (ABI) compatibility is maintained, the kernel version itself is updated. Crowdstrike's EDR solution checks the kernel version, and if it doesn't recognize the updated version, it fails to become active. We currently don't have a workaround available for this issue as it depends on Crowdstrike's detection logic.
Comments
0 comments
Please sign in to leave a comment.