Professional Documents
Culture Documents
Falcon Sensor Known Issues
Falcon Sensor Known Issues
Download Date: Tue Jun 29 2021 14:04:00 GMT-0500 (hora de verano central)
Tables may appear overly compressed with full navigation in the Support Portal. Click here to view this article's permalink page in a
more fullscreen view.
Windows
Issue where a process may 10
crash with concurrent use of Windows
JScript on Windows 10, Upgrade sensor to 6.23.13702 or
Server 6.22.13607
Windows Server 2016, or higher
2016
and earlier
Windows Server 2019 when Windows
Script-Based Execution Server
Monitoring is enabled. 2019
Windows
(all
supported)
The issue
is limited
to
processes
(.exe files)
Sensor Visibility Exclusions being run
(SVEs) based on process paths 1. Upgrade sensor to 6.22.13607 or
from
may not be applied correctly higher.
excluded
with sensor versions 6.20 and 2. Refer to all warnings about SVE in
paths, and 6.20.13510
our Allowlisting Guide and the
6.21. This could result in does not
Detection and Prevention Policies 6.20.13408
performance regressions and affect
false positive detections if guide (Falcon console → Support →
exclusions
SVEs were previously used to Documentation).
that target
mitigate these problems. data files
such as
source
code or
object
files that
do not get
executed.
Mac Sensor
Affected
Affected
Issue Resolution Sensor
Systems
Versions
An issue that can cause the sensor macOS
Upgrade to sensor 6.21.13403
to fail to connect to the cloud (all
6.23.13601 or higher and earlier
when DNS is unavailable. supported)
Linux Sensor
Affected
Issue Affected Systems Resolution Sensor
Versions
IPv4 UDP packet inspection introduced in Upgrade
CentOS/RHEL
6.19.11610 may cause memory leak sensor to
6 and 7
conditions, leading to allocation failures and 6.20.11611 6.19.11610
SLES 11 SP4
memory fragmentation. or higher
Upgrade
Linux (all sensor to
Larger memory allocations by sensor will fail, 6.12.10913
and dmesg log shows page allocation failures. supported) 6.14.11110 6.12.10912
or higher
Upgrade to
Creation of user space falcon-sensor crash Linux (all
sensor 6.16.11308
supported)
dumps when seccomp failures occur due to 6.16.11312 and earlier
Dynatrace
injection of code by Dynatrace. or higher
Upgrade to
Sensor overhead caused by kcs-evbreap, kcs- Linux (all sensor 6.16.11308
term, and kcs-created threads. supported) 6.16.11312 and earlier
or higher
Upgrade
Kernel memory growth issue that could be Linux (all sensor to 6.14.11110
supported) 6.16.11312
triggered by high rate of process creation. and earlier
or higher
Affected
Issue Affected Systems Resolution Sensor
Versions
Upgrade
Larger memory allocations by sensor will fail, Linux (all sensor to 6.12.10913
supported) 6.14.11110
and dmesg log shows page allocation failures. 6.12.10912
or higher
Container Sensor
Affected
Affected
Issue Resolution Sensor
Systems
Versions
Linux (all Upgrade sensor to
The ConfigBuild version in the Event
supported) 6.19.202 or higher 6.18.106
details shows incorrect values.