Malware count is different when clicked on different modules
Issue Description
Malware count is different when clicked on different modules.
Error/Warning Information
Handling Process
Simple Method
-
Switch the date to Last Detected, and if the numbers still abnormal proceeed to next stage.
-
Restart the sampled services using the command below and repeat Step 1 to verify if the issue had been resolved.
Stop sampled services
/sf/edr/manager/bin/eps_services stop sampled
Start sampled services
/sf/edr/manager/bin/eps_services start sampled
If the problem is not resolved with simple method, proceed with the advanced method.
Root Cause
Endpoint Secure calculation bug Security Events
Solution
Advanced troubleshooting method below:
-
Stop sampled services
Command:/sf/edr/manager/bin/eps_services stop sampled -
Perform backup for the sampled file.
Command:cp /sf/edr/manager/bin/sampled /sf/edr/manager/bin/sampled.bk -
Replace the existing sampled file with the new sampled file.
Command:mv /tmp/sampled /sf/edr/manager/bin/sampled -
Add execute permission to the sampled file.
chmod +x /sf/edr/manager/bin/sampled -
Start sampled services.
Command:/sf/edr/manager/bin/eps_services start sampled
Note:
- The location of sampled file:
/sf/edr/manager/bin/sampled - Modified version of file ‘sampled’ is attached below.
- This is temporaily solution. Proper solution by patching is still being developed by R&D.