Professional Documents
Culture Documents
Imperva SecureSphere v13.3 Agent Release Notes
Imperva SecureSphere v13.3 Agent Release Notes
Imperva SecureSphere v13.3 Agent Release Notes
Release Notes
v13.3
December 2018
Copyright Notice
© 2002 - 2018 Imperva, Inc. All Rights Reserved.
Follow this link to see the SecureSphere copyright notices and certain open source license terms:
https://www.imperva.com/sign_in.asp?retURL=/articles/Reference/SecureSphere-License-and-Copyright-Information
This document is for informational purposes only. Imperva, Inc. makes no warranties, expressed or implied.
No part of this document may be used, disclosed, reproduced, transmitted, transcribed, stored in a retrieval
system, or translated into any language in any form or by any means without the written permission of Imperva,
Inc. To obtain this permission, write to the attention of the Imperva Legal Department at: 3400 Bridge Parkway,
Suite 200, Redwood Shores, CA 94065.
Information in this document is subject to change without notice and does not represent a commitment on the
part of Imperva, Inc. The software described in this document is furnished under a license agreement. The software
may be used only in accordance with the terms of this agreement.
This document contains proprietary and confidential information of Imperva, Inc. This document is solely for the
use of authorized Imperva customers. The information furnished in this document is believed to be accurate and
reliable. However, no responsibility is assumed by Imperva, Inc. for the use of this material.
TRADEMARK ATTRIBUTIONS
Imperva and SecureSphere are trademarks of Imperva, Inc.
All other brand and product names are trademarks or registered trademarks of their respective owners.
PATENT INFORMATION
The software described by this document is covered by one or more of the following patents:
US Patent Nos. 7,640,235, 7,743,420, 7,752,662, 8,024,804, 8,051,484, 8,056,141, 8,135,948, 8,181,246, 8,392,963,
8,448,233, 8,453,255, 8,713,682, 8,752,208, 8,869,279 and 8,904,558, 8,973,142, 8,984,630, 8,997,232, 9,009,832,
9,027,136, 9,027,137, 9,128,941, 9,148,440, 9,148,446 and 9,401,927.
Imperva Inc.
3400 Bridge Parkway
Redwood Shores, CA 94065
United States
Tel: +1 (650) 345-9000
Fax: +1 (650) 345-9004
Website: http://www.imperva.com
General Information: info@imperva.com
Sales: sales@imperva.com
Professional Services: consulting@imperva.com
Technical Support: support@imperva.com
Imperva-SecureSphere-v13.3-Agent-Release-Notes-v3
Release Highlights
SecureSphere Agents Features Released with the GA
Database Discovery: SecureSphere Agents now support the automatic discovery of data interfaces for
Teradata and SAP-HANA databases. This contributes to a fast and automatic database onboarding process,
reduces the need to manually explore, and adds monitoring for these services
Solaris ASO (NDE): SecureSphere Agents now support the monitoring of NDE (ASO) connections with Oracle
databases on Solaris OS when databases are running in both global and kernel zones. Supported with Solaris
SPARC 10 and 11 running Oracle Databases 11.2 through 12.2
ASO IPC Interfaces for Oracle: SecureSphere Agents now supports the monitoring of NDE (ASO) encrypted
connections over IPC interfaces for Oracle databases
Audit Fidelity
Enhanced Capping Mode: SecureSphere Agents now offer an enhanced capping mode. During system
overload, it's now possible to auto exclude read/write operations while maintaining monitoring for
login/logout operations
ASO Notification: The SecureSphere Agent can now notify users when monitoring of NDE connection (ASO)
with Oracle databases is required even though SecureSphere isn't configured to do so
EIK as Default: SecureSphere Agents for DAM now include a default configuration that uses EIK (as opposed to
PCAP). EIK enables additional advanced functionalities. For more information, see the topic Monitoring
External Traffic Using PCAP and EIK in the Database Security User Guide
Expanded OS Coverage: SecureSphere Agent for Database packages now support SUSE Linux Enterprise Server
(SLES) 12 Service Pack 3
64 bit Solaris with 32 bit GLIBC Wrapper: SecureSphere Agents now support 64 bit Solaris OS installation
without needing to install a 32 bit GLIBC wrapper
SecureSphere Features that work with the SecureSphere Agent:
Teradata Monitoring Enhancements: SecureSphere now incorporates new technology for intercepting traffic
using database vendor APIs for auditing and enforcing security policies. This provides:
Monitoring (and blocking) of encrypted connections
Support for monitoring database client details, OS user chaining, and failed logins, without needing a log
collector
Hot upgrade and API load/unload (doesn't require database shutdown)
New API enhancements, supported with Teradata 16.10 and later
Note: In Unix and Unix-like systems, the bash shell must be available before installing the SecureSphere
Agent.
Note: The topics in this section explicitly related to standard SecureSphere Agents, they are not
relevant for SecureSphere Agent for Big Data.
Note: This section is not relevant to Windows SecureSphere Agents, because there is only one
installation package for all supported versions of Windows.
To determine which non-Windows SecureSphere Agent package to download and install, see SecureSphere Agent
Package on page 5.
Alternatively, you can use the which_ragent_package_xxxx.sh script (where xxxx is the version number of the
script) which you can download from the Imperva FTP site at
/Downloads/SecureSphere_Agents/Misc/
The script should be run on the database server and takes a single parameter, the SecureSphere Agent version
number you want to install.
Table 1 which_ragent_package_xxxx.sh Parameters
Parameter Description
For example:
[root@agents-system tmp]# ./which_ragent_package_[version].sh -v 13.0
This means that you want the script to return the name of the SecureSphere Agent version v 13.0 package for the
platform on which the script is run.
The script returns the OS, OS version, platform, kernel version and the name of the SecureSphere Agent package
you should download and install. For example:
Notes:
For servers that can host both regular and Big Data Agents, output includes the requisite package
for both scenarios, as seen in the above example.
Always download the latest version of the which_ragent_package_xxxx.sh before using it,
otherwise it may point you to an out-of-date SecureSphere Agent package.
Before downloading the SecureSphere Agent package, verify that the script has correctly
identified your OS, OS version, platform and kernel version.
10 SecureSphere Agent Release Notes
Installing SecureSphere Agents
Note: All platforms listed below additionally support patches installed on the listed versions.
Unix-based Agents
AIX
AIX 7.1 64-bit Imperva-ragent-AIX-v71-ppowerpc64-b13.0.0.10.0.505755.tar.gz
AIX 7.2 64-bit Imperva-ragent-AIX-v72-ppowerpc64-b13.0.0.10.0.505755.tar.gz
HP-UX
HP-UX B11.31 Itanium Imperva-ragent-HPUX-v11.31-pia64-b13.0.0.10.0.505755.tar.gz
HP-UX B11.31 PA-RISC Imperva-ragent-HPUX-v11.31-phppa-b13.0.0.10.0.505755.tar.gz
OEL
Note: These agents require downloading both the installation file listed here and the kabi_<n>.txt file. For more
information, see Special Considerations for Certain Linux Platforms on page 6 .
OEL 5 UEK 1 64-bit (2.6.32-100.26.2) Imperva-ragent-OEL-v5-kUEK-v1-ik1-px86_64-b13.0.0.10.0.512018.tar.gz
OEL 5 UEK 1 64-bit (2.6.32-300.7.1 to Imperva-ragent-OEL-v5-kUEK-v1-ik2-px86_64-b13.0.0.10.0.512018.tar.gz
2.6.32-300.39.2)
OEL 5 UEK 1 64-bit (2.6.32-400.21.1) Imperva-ragent-OEL-v5-kUEK-v1-ik3-px86_64-b13.0.0.10.0.512018.tar.gz
OEL 5 UEK 1 64-bit (2.6.32-400.23 to Imperva-ragent-OEL-v5-kUEK-v1-ik4-px86_64-b13.0.0.10.0.512018.tar.gz
the latest version of 2.6.32-400 UEK
kernel series supported by Oracle)
SecureSphere Agent Release Notes 11
Installing SecureSphere Agents
Solaris
Sun 5.10 SPARC Imperva-ragent-SunOS-v5.10-psparcv9-b13.0.0.10.0.507771.tar.gz
Sun 5.10 x86 64-bit Imperva-ragent-SunOS-v5.10-px86_64-b13.0.0.10.0.505755.tar.gz
Sun 5.11 SPARC Imperva-ragent-SunOS-v5.11-psparcv9-b13.0.0.10.0.507771.tar.gz
Sun 5.11 x86 64-bit Imperva-ragent-SunOS-v5.11-px86_64-b13.0.0.10.0.505755.tar.gz
SUSE
Note: These agents require downloading both the installation file listed here and the kabi_<n>.txt file. For more
information, see Special Considerations for Certain Linux Platforms on page 6 .
SUSE 10 64bit SP3 for Teradata Imperva-ragent-TD-SLE-v10SP3-kTD-px86_64-b13.0.0.10.0.505755.tar.gz
(2.6.16.60-0.91.TDC.1.R.0 to 2.6.16.60-
0.9999.TDC.1.R.0)
SUSE 11 64 bit SP3 bigSMP Imperva-ragent-SLE-v11SP3-kBIGSMP-px86_64-b13.0.0.10.0.505755.tar.gz
SUSE 11 64 bit SP3 Imperva-ragent-SLE-v11SP3-kSMP-px86_64-b13.0.0.10.0.505755.tar.gz
12 SecureSphere Agent Release Notes
Installing SecureSphere Agents
Ubuntu
Ubuntu 14.04 (4.2.0-27 and 4.4.0-34) Imperva-ragent-UBN-v14-kUBN-px86_64-b13.0.0.10.0.505755.tar.gz
Windows-based Agents
For detailed information see Supported Windows Platforms below. This version supports: 32-bit and 64-bit
Windows Imperva-ragent-Windows-b13.0.0.10.0.512010.zip
Note: All platforms listed below additionally support patches installed on the listed versions.
Unix-based Agents
OEL
Note: These agents require downloading both the installation file listed here and the kabi_<n>.txt file. For more
information, see Special Considerations for Certain Linux Platforms on page 6 .
OEL 7 UEK 4 64-bit Imperva-ragent-OEL-v7-kUEK-v4-px86_64-b13.1.0.10.0.531235.tar.gz
Solaris
Sun 5.10 SPARC Imperva-ragent-SunOS-v5.10-psparcv9-b13.1.0.10.0.533133.tar.gz
Sun 5.11 SPARC Imperva-ragent-SunOS-v5.11-psparcv9-b13.1.0.10.0.533133.tar.gz
SUSE
Note: These agents require downloading both the installation file listed here and the kabi_<n>.txt file. For more
information, see Special Considerations for Certain Linux Platforms on page 6 .
Ubuntu
Ubuntu 16.04+ Imperva-ragent-UBN-px86_64-b13.1.0.10.0.533133.tar.gz
Note: All platforms listed below additionally support patches installed on the listed versions.
Unix-based Agents
AIX
HP-UX
OEL
Note: These agents require downloading both the installation file listed here and the kabi_<n>.txt file. For more
information, see Special Considerations for Certain Linux Platforms on page 6 .
OEL 5 UEK 1 64-bit (2.6.32-100.26.2) Imperva-ragent-OEL-v5-kUEK-v1-ik1-px86_64-b13.2.0.10.0.545875.tar.gz
Solaris
SUSE
Note: These agents require downloading both the installation file listed here and the kabi_<n>.txt file. For more
information, see Special Considerations for Certain Linux Platforms on page 6 .
SUSE 10 64bit SP3 for Teradata Imperva-ragent-TD-SLE-v10SP3-kTD-px86_64-b13.2.0.10.0.545875.tar.gz
(2.6.16.60-0.91.TDC.1.R.0 to 2.6.16.60-
0.9999.TDC.1.R.0)
SUSE 11 64 bit SP3 bigSMP Imperva-ragent-SLE-v11SP3-kBIGSMP-px86_64-b13.2.0.10.0.545875.tar.gz
SUSE 11 64 bit SP3 Imperva-ragent-SLE-v11SP3-kSMP-px86_64-b13.2.0.10.0.545875.tar.gz
SUSE 11 64-bit SP4 Imperva-ragent-SLE-v11SP4-kSMP-px86_64-b13.2.0.10.0.545875.tar.gz
SUSE 11 64bit SP1 for Teradata Imperva-ragent-TD-SLE-v11SP1-kTD-px86_64-b13.2.0.10.0.545875.tar.gz
(2.6.32.54-0.23.TDC.1.R.2)
SUSE 11 64bit SP1 for Teradata Imperva-ragent-TD-SLE-v11SP1-kTD-ik2-px86_64-b13.2.0.10.0.545875.tar.gz
(2.6.32.54-0.35.TDC.1.R.1 to 2.6.32.54-
0.9999.TDC.1.R.1)
Ubuntu
Windows-based Agents
Note: For detailed information see Supported Windows Platforms below. This version supports: 32-bit and 64-bit.
Windows Imperva-ragent-Windows-b13.2.0.10.0.542191.zip
Database, Big Data and File Agent Packages Released with v13.3
Agents packages in this patch include fixes for the Spectre Variant 2 vulnerability which include CVE-2017-5715,
CVE-2017-5753, and CVE-2017-5754.
Important Note: Starting in Q3 2019, Imperva Agents will no longer support older database kernels that are
exposed to any known variant of the Spectre vulnerability. Imperva Agent released past this date will only support
updated kernels that no longer include those vulnerabilities. In order to provide continuation of support for new
Imperva Agents starting in Q3 2019, it will be required that database OSs running Imperva Agents be patched.
OS / Version Installation File Name
Note: All platforms listed below additionally support patches installed on the listed versions.
Unix-based Agents
AIX
AIX 7.1 64-bit Imperva-ragent-AIX-v71-ppowerpc64-b13.3.0.10.0.552826.tar.gz
AIX 7.2 64-bit Imperva-ragent-AIX-v72-ppowerpc64-b13.3.0.10.0.552826.tar.gz
HP-UX
HP-UX B11.31 Itanium Imperva-ragent-HPUX-v11.31-pia64-b13.3.0.10.0.552826.tar.gz
HP-UX B11.31 PA-RISC Imperva-ragent-HPUX-v11.31-phppa-b13.3.0.10.0.552826.tar.gz
OEL
Note: These agents require downloading both the installation file listed here and the kabi_<n>.txt file. For more
information, see Special Considerations for Certain Linux Platforms on page 6 .
OEL 5 UEK 1 64-bit (2.6.32-100.26.2) Imperva-ragent-OEL-v5-kUEK-v1-ik1-px86_64-b13.3.0.10.0.555141.tar.gz
OEL 5 UEK 1 64-bit (2.6.32-300.7.1 to Imperva-ragent-OEL-v5-kUEK-v1-ik2-px86_64-b13.3.0.10.0.555141.tar.gz
2.6.32-300.39.2)
OEL 5 UEK 1 64-bit (2.6.32-400.21.1) Imperva-ragent-OEL-v5-kUEK-v1-ik3-px86_64-b13.3.0.10.0.555141.tar.gz
OEL 5 UEK 1 64-bit (2.6.32-400.23 to Imperva-ragent-OEL-v5-kUEK-v1-ik4-px86_64-b13.3.0.10.0.555141.tar.gz
the latest version of 2.6.32-400
series supported by Oracle)
OEL 5 UEK 2 64-bit (2.6.39-400.17.1 Imperva-ragent-OEL-v5-kUEK-v2-px86_64-b13.3.0.10.0.555141.tar.gz
to the latest version of 2.6.39-400
series supported by Oracle)
OEL 6 UEK 2 64-bit (2.6.39-400.17.1 Imperva-ragent-OEL-v6-kUEK-v2-px86_64-b13.3.0.10.0.555141.tar.gz
to the latest version of 2.6.39-400
series supported by Oracle)
OEL 6 UEK 3 64-bit (3.8.13-16 to the Imperva-ragent-OEL-v6-kUEK-v3-px86_64-b13.3.0.10.0.555141.tar.gz
latest version of 3.8.13 series
supported by Oracle)
OEL 6 UEK 4 64-bit (4.1.12-32.1.2 to Imperva-ragent-OEL-v6-kUEK-v4-px86_64-b13.3.0.10.0.555141.tar.gz
the latest version of 4.1.12 series
supported by Oracle)
OEL 7 UEK 3 64-bit (3.8.13-35.3.1 to Imperva-ragent-OEL-v7-kUEK-v3-px86_64-b13.3.0.10.0.555141.tar.gz
the latest version of 3.8.13 series
supported by Oracle)
OEL 7 UEK 4 64-bit (4.1.12-32.1.2 to Imperva-ragent-OEL-v7-kUEK-v4-px86_64-b13.3.0.10.0.555141.tar.gz
the latest version of 4.1.12 series
supported by Oracle)
Solaris
Sun 5.10 SPARC Imperva-ragent-SunOS-v5.10-psparcv9-b13.3.0.10.0.552826.tar.gz
Sun 5.10 x86 64-bit Imperva-ragent-SunOS-v5.10-px86_64-b13.3.0.10.0.552826.tar.gz
Sun 5.11 SPARC Imperva-ragent-SunOS-v5.11-psparcv9-b13.3.0.10.0.552826.tar.gz
Sun 5.11 x86 64-bit Imperva-ragent-SunOS-v5.11-px86_64-b13.3.0.10.0.552826.tar.gz
SUSE
Note: These agents require downloading both the installation file listed here and the kabi_<n>.txt file. For more
information, see Special Considerations for Certain Linux Platforms on page 6 .
SUSE 10 64bit SP3 for Teradata Imperva-ragent-TD-SLE-v10SP3-kTD-px86_64-b13.3.0.10.0.555141.tar.gz
(2.6.16.60-0.91.TDC.1.R.0 to
2.6.16.60-0.9999.TDC.1.R.0)
SUSE 11 64-bit SP4 Imperva-ragent-SLE-v11SP4-kSMP-px86_64-b13.3.0.10.0.555141.tar.gz
SUSE 11 64bit SP1 for Teradata Imperva-ragent-TD-SLE-v11SP1-kTD-px86_64-b13.3.0.10.0.555141.tar.gz
(2.6.32.54-0.23.TDC.1.R.2)
SUSE 11 64bit SP1 for Teradata Imperva-ragent-TD-SLE-v11SP1-kTD-ik2-px86_64-
(2.6.32.54-0.35.TDC.1.R.1 to b13.3.0.10.0.555141.tar.gz
2.6.32.54-0.9999.TDC.1.R.1) Note: This package does not include a fix for the Spectre v2 vulnerability.
SUSE 11 64bit SP3 for Teradata Imperva-ragent-TD-SLE-v11SP3-kTD-px86_64-b13.3.0.10.0.555141.tar.gz
(3.0.101-0.101.TDC.1.R.0 to 3.0.101-
0.9999.TDC.1.R.0)
SUSE 12 64-bit SP2 Imperva-ragent-SLE-v12SP2-kSMP-px86_64-b13.3.0.10.0.555141.tar.gz
SUSE 12 64-bit SP3 Imperva-ragent-SLE-v12SP3-kSMP-px86_64-b13.3.0.10.0.555141.tar.gz
Ubuntu
Ubuntu 14.04 (4.2.0-27 and 4.4.0-34 Imperva-ragent-UBN-v14-kUBN-px86_64-b13.3.0.10.0.555141.tar.gz
and 4.4.0-112)
Ubuntu 16.04+ Imperva-ragent-UBN-px86_64-b13.3.0.10.0.555141.tar.gz
Windows-based Agents
Note: For detailed information see Supported Windows Platforms below. This version supports: 32-bit and 64-bit
Windows Imperva-ragent-Windows-b13.3.0.10.0.552875.zip
Open Issues
ID OS DB/ Product Description
When working in PCAP mode on TCP external, when all channels are
AGNT-6537 AIX All Databases removed from a specific interface, the agent process is restarted.
User name' is not part of the process argument, and therefore cannot be
excluded as part of the 'argument' in the process details criteria.
Workaround: use the 'user name' field instead of the 'process argument'
AGNT-7542 AIX All Databases field.
When monitoring Informix SHM, audit data may be missing for large
AGNT-7249 AIX Informix responses.
In AIX 7.1, in rare cases, when monitoring Informix SHM large responses,
AGNT-7513 AIX Informix part of the response is missing in the audit.
AGNT-9115 AIX Informix Traffic might not be audited for local connections for Informix v10.
AGNT-8223 AIX Oracle Audit loss of up to 0.3% of the traffic was encountered.
AGNT-8446 AIX Oracle Limitation: ASO is not supported on AIX WPAR.
Only 126 ASO connections out of 200 that are opened concurrently are
AGNT-9801 AIX Oracle monitored.
If ASO interception is disabled in the Agent, and there are ASO connections
AIX, Linux, in the Database, alarm won't be generated until a new ASO connection
AGNT-10234 Solaris Oracle starts.
When monitoring external traffic in PCAP mode, an agent move to a
gateway that was not a part of the original cluster (the cluster when the
AIX, Solaris, agent registered to it) could have caused packet loss. Relevant to AIX,
AGNT-8556 Windows All Databases Windows and Solaris 11.
When upgrading the agent from version earlier than 12 Patch 7 to version
13 and above, database discovery might fail. Workaround: manually
update the ACP using MX under Setting > Software Update > More >
AGNT-10076 All All Databases Import Agent Compatibly Package.
If the RemoteAgent listener in the SecureSphere Gateway is changed from
non SSL to SSL, the SecureSphere Agents registered to this Gateway will no
longer be able to communicate with the gateway. Workaround: re-register
AGNT-10194 All All Databases relevant SecureSphere Agents.
Incomplete audit for TCP local traffic. Workaround: Add the following item
in the SecureSphere Agent's Advanced Configuration pane:
<kernel_support_local_traffic_in_server_side>0</kernel_support_local_tra
AGNT-10266 Unix MySQL ffic_in_server_side>.
When agent is being update from a version that does not support open-
mode to a version that supports open mode, open-mode ASO connections
AGNT-10040 Unix Oracle are not monitored.
If Oracle is configured to work in shared-server-mode, Diffie-Hellman
AGNT-10042 Unix Oracle connections will not be monitored.
ASO | No audit is available for Diffie Hellman encrypted traffic if the Oracle
AGNT-7902 Unix Oracle database being audited is configured to work in 'shared mode.'
Open mode is not supported for encrypted and non-encrypted Oracle
connections during upgrade from Agent version less than v12 to Agent
version v12 and newer, when ASO monitoring is enabled prior to the
AGNT-8409 Unix Oracle upgrade.
If monitoring Diffie-Helman traffic while ASO in the agent is disabled, agent
enters running with errors. If disabling DH traffic on the database while
AGNT-9389 Unix Oracle ASO is still disabled in the agent, running-with-errors persists.
AGNT-9649 Unix Oracle The Injection Manager process may crash when it's stopped.
When working with connections that utilize high ports with Progress DB,
AGNT-8054 Unix Progress open mode is not supported.
When upgrading from agent versions earlier than 11.0, server might cause
lower agent performance. Workaround: Reboot the database server
AGNT-6189 Windows All Databases after upgrade.
AGNT-6256 Windows All Databases On rare occasions, agent uninstall may fail.
AGNT-7084 Windows All Databases Upgrading the Windows Agent to the same Agent version will fail.
When working in PCAP mode, if WINPCAP is not installed and the TCP
external data interface exists, then the TCP loopback data interface might
AGNT-7109 Windows All Databases not be monitored.
When executing first time installation of the SecureSphere Agent or
upgrading from v11.0 and earlier and working with EIK on Windows Server
2008 and newer, SecureSphere cannot monitor previously established
AGNT-7369 Windows All Databases connections.
AGNT-7533 Windows All Databases On rare occasions, process details are missing.
On rare occasions, after uninstalling the SecureSphere Agent, its related
AGNT-8158 Windows All Databases processes might still be running.
When a MySQL, Oracle or DB2 database is accessed using Windows
authentication and Kerberos authentication is used, the username will not
AGNT-8680 Windows All Databases be audited.
On Windows Server 2012, if open connections exist prior to installing the
agent, running new short connections could cause non-existent logouts to
AGNT-8764 Windows All Databases appear in audit of open mode connections.
AGNT-8765 Windows All Databases Updating a channel (etc. disabling then re-enabling) causes audit loss.
AGNT-8915 Windows All Databases DrWeb antivirus mistakenly detects Imperva agent as a Trojan.
When external traffic is monitored by pcap on windows platforms,
disabling and enabling network interface while agent is running will cause
AGNT-8920 Windows All Databases complete audit loss. Workaround: restart the Agent.
On Windows 2000 servers, the SecureSphere Agent might report the
AGNT-8960 Windows All Databases wrong number of cores.
AGNT-8127 Windows CIFS Audit is missing for shared folders with a name longer than 260 characters.
Source IP address may be missing for access on path longer than 260
AGNT-8129 Windows CIFS characters.
When configuring a user exclusion, only users that appear in remote traffic
AGNT-8303 Windows CIFS are excluded, while users in local access are not excluded.
Multichannel connections may be audited with 0.0.0.0 source IP in cases
AGNT-8771 Windows CIFS that the server network adapter enables IPv6.
Limitation: "Source IP" audit parameter not supported with IPv6 related
AGNT-8772 Windows CIFS file operations. "0.0.0.0" is displayed under these conditions.
When two clients access the same file at the same time, source IP address
AGNT-8797 Windows CIFS is reported as 0.0.0.0 for both clients.
Missing source IP on Create and Read when accessing a Windows share
AGNT-8919 Windows CIFS from Linux smbclient.
When using an SMB1 client and trying to access a file without permission
AGNT-9595 Windows CIFS no source IP is audited.
When trying to access a folder without permission, the attempt is audited
AGNT-9596 Windows CIFS as access to a file, rather than a folder.
If the DB client connects to the DB server via 'shared memory,' the
AGNT-8678 Windows DB2 source IP address in audit is missing.
AGNT-8393 Windows MariaDB Maria DB IPC channel is not supported.
Certificate discovery might not work properly if two different databases are
AGNT-10137 Windows MSSQL running with the same user but with different domains.
Incorrect OS user chain in MX appears for external connections when
AGNT-10217 Windows MSSQL MSSQL Advanced Monitoring is enabled.
When applying non-exportable certificate for MSSQL2008 32 bit, no
AGNT-10390 Windows MSSQL external audit is monitored and there is no hashed user for local traffic.
After blocking in sniffing mode for local TCP connections, it takes about a
AGNT-6398 Windows MSSQL minute for the client to close the local TCP session.
In order for an MSSQL NP interface to be monitored, the MSSQL service
AGNT-6505 Windows MSSQL needs write privileges to the agents folders.
Local (loop-back) TCP traffic that is generated by client applications
AGNT-7947 Windows MSSQL based on the JDBC driver is not monitored by SecureSphere Agent.
When changing the login user of MSSQL server, its corresponding IPC
channel log directory needs to be manually deleted. Otherwise, there will
AGNT-7994 Windows MSSQL be no audit.
In cases where there is more than one MSSQL database on a server, all
databases are running and RC4 user is used for Kerberos, Hashed Users
AGNT-8087 Windows MSSQL may appear in audit.
Agent fails to discover certificate after changing user that runs the MSSQL
service. Workaround: Restart the database to discover the new certificate.
AGNT-8923 Windows MSSQL Relevant for MSSQL 2016.
In advanced mode, if a user ignores IPC channel and then un-ignores it,
AGNT-8988 Windows MSSQL existing connections are not monitored.
AGNT-9013 Windows MSSQL Blocking is not supported with MSSQL Advanced Monitoring.
Open mode connections are not monitored on remote-named-pipe
AGNT-9032 Windows MSSQL channel.
With an open mode connection in advanced monitoring mode, the user
AGNT-9138 Windows MSSQL name isn't displayed if the SecureSphere version is older than v12 Patch 1.
User name is not displayed for open mode connections in advanced
AGNT-9140 Windows MSSQL monitoring mode if the database is 32bit MSSQL.
AGNT-9234 Windows MSSQL Advanced monitoring mode does not support MSSQL 2008 32 bit.
User name detection in advanced monitoring mode is not supported in
AGNT-9235 Windows MSSQL MSSQL 32 bit.
When a machine has more than one MsSql server installed that are running
under the same user name but from different domains, the default MsSql
AGNT-9874 Windows MSSQL certificate might not be extracted for some of the servers.
MySQL connections may not be monitored if Diffie-Hellman authentication
AGNT-8606 Windows MySQL is used.
AGNT-5730 Windows SharePoint Revoke permissions for an attachment under a list item is not supported.
A SharePoint security policy configured to block upon file object
AGNT-6330 Windows SharePoint modification also blocks list objects.
AGNT-9116 Windows SharePoint Operations on checked out files are not blocked.
On SharePoint sites authenticated using "Claims," security polices using a
AGNT-9123 Windows SharePoint group based match criteria cannot block the activity
SharePoint security policy blocking cannot be disabled by changing the
AGNT-9193 Windows SharePoint action to "None."
In rare cases when uploading files to a SharePoint 2013 site by dragging the
files to the browser, the deletion of these files is not blocked by the
AGNT-9205 Windows SharePoint security policy.
AGNT-9610 Windows SharePoint SharePoint Blocking doesn't always block folder delete operation.
AGNT-9611 Windows SharePoint SharePoint Blocking doesn't always block folder creation.
When sending a query from a client in one domain to an MSSQL server in
Windows another domain with MSSQL service running an AD user in the first
AGNT-8913 2012 All Databases domain, hashed user is received.
AGNT-10523 AIX Oracle ASO monitoring was not supported in some Oracle versions.
AGNT-10531 AIX Oracle Agent caused high CPU usage when ASO monitoring was enabled.
AIX, Linux, On rare occasions, Running with Errors was encountered due to the
AGNT-10358 Solaris Oracle SecureSphere Agent failing to inject processes that were no longer running.
When a pattern for core file naming is configured, the limitation for the
AGNT-10157 All All Databases maximum number of core files did not work.
AGNT-10453 All All Databases Agent was Running with Errors even after it was restarted.
Cloudera
Hbase, SecureSphere RemoteAgent monitors only the first 10,000 HBase
Hortonworks connections. In addition, logout events in HBase could be displayed in MX
AGNT-10408 Linux HBase long time after the actual logout occurred.
After upgrading the SecureSphere Agent from v11.5 to v12.0 or higher,
AGNT-10118 Linux Oracle Oracle ASO open mode connections weren't audited.
Oracle ASO monitoring didn't work when root umask value is other than
AGNT-10427 Linux Oracle 0022.
Linux, RHEL, Spectre v2 mitigation retpoline might have been disabled in kernel when
AGNT-10230 SUSE, UEK All Databases Agent was installed on newer kernel versions.
When SecureSphere Agent was installed in a non-default location, the log
folder for Big Data discovery was
AGNT-10492 RHEL All Databases "/opt/imperva/ragent/etc/logs/discoveryRagent/ProcessDiscovery/".
Cloudera
Hbase,
Cloudera
HDFS,
Cloudera Hive,
DataStax
Cassandra,
Hortonworks
HBase,
Hortonworks
HDFS,
Hortonworks When SecureSphere Agent is installed in a non-default location, audit for
AGNT-10482 RHEL Hive HBase, Hive, HDFS and Cassandra may not have worked.
Cloudera
Hbase, Short user name was displayed in MX for HBase query events (non
Hortonworks login/logout). Full user name is displayed for all HBase events from HBase
AGNT-10378 RHEL HBase 1.1.3.
Cloudera
AGNT-10417 RHEL Impala Big Data Agent failed to audit Impala on Cloudera version 5.10.2.
When running on Hortonworks (HDP) HBase with Ranger plugin enabled,
Hortonworks Big Data agent was either running with errors or not monitoring grant and
AGNT-10437 RHEL HBase revoke commands.
In the event of a Failed Login in MongoDB, no error message was displayed
AGNT-10409 RHEL MongoDB in the MX phase 2 audit data SQL exception string field.
AGNT-10669 Solaris All Databases Imperva Agent caused a crash on Solaris 11.4 and above.
On some Solaris kernels (not common versions), after agent installation,
the agent moved to running with errors state with message "Couldn't
AGNT-6637 Solaris All Databases initialize TCP local traffic monitor."
When root user couldn't perform sudo, the Agent failed to monitor
AGNT-10117 SUSE Teradata Teradata traffic.
AGNT-10558 SUSE Teradata Teradata API monitoring didn't always work after agent restart.
AGIM-318 UEK All Databases No external traffic when EIK was enabled on kernel version 4.1.12-94.7.8
AGNT-10462 Unix Oracle When using Oracle 18 with ASO, no audit was available.
ACP was not working when the <package-dir> was not configured as
AGNT-10451 Windows MSSQL <intall-root-dir>.
AGNT-10494 Windows MSSQL Logs were created containing no information.
AGNT-10250 AIX, Linux, Oracle In rare cases, a SecureSphere Agent log files could have grown very large.
Solaris
AGNT-10349 AIX, Linux, Oracle SecureSphere Agent was printing errors and listing changes in kernel
Solaris system log.
AGNT-10358 AIX, Linux, Oracle On rare occasions, Running with Errors was encountered due to the
Solaris SecureSphere Agent failing to inject processes that were no longer
running.
AGNT-10065 Linux MSSQL Overall CPU utilization of SecureSphere Agent on MSSQL over Linux could
have reached 20%-25%.
AGNT-10074 Linux Oracle Oracle database froze when running external table queries.
AGNT-10118 Linux Oracle After upgrading the SecureSphere Agent from v11.5 to v12.0 or higher,
Oracle ASO open mode connections weren't audited.
AGNT-9952 Linux, RHEL All Databases SecureSphere Agent may not have audited traffic if Symantec Data
Center Security (DCS) was installed.
AGNT-10185 Solaris All Databases In rare cases, database server crashed when Agent driver kernel memory
was low.
AGNT-10019 SUSE All Databases In rare cases, due to startup scheduling, complete audit loss can occur.
AGNT-10117 SUSE Teradata When root user couldn't perform sudo, the Agent failed to monitor
Teradata traffic.
AGNT-9887 SUSE Teradata When using Teradata v16.10 or newer, and the database was under
heavy load, some of the connections would lack the client process details
AGNT-9913 SUSE Teradata With Teradata v16.10 and newer, a long agent installation path (longer
than 40 characters) could have caused ragent process crash on startup.
AGIM-318 UEK All Databases No external traffic when EIK was enabled on kernel version 4.1.12-94.7.8
AGNT-10225 UEK All Databases SecureSphere Agent failed to start with OEL UEK version 4.1.12-
94.7.8.el6uek.
AGNT-10201 Ubuntu All Databases RemoteAgent GTI (get tech info) could only be taken from the MX and
not through the RemoteAgent CLI.
AGNT-10063 Unix All Databases In rare cases, a small amount of audit loss could have been encountered.
AGNT-10056 Windows All Databases Running with errors "Agent restarting. Reason: System Capping event
occurred" was not always removed once the issue was resolved.
AGNT-9898 Windows MSSQL The Agent could have been running with errors when MSSQL Advanced
Monitoring was enabled and MSSQL database was uninstalled.
AGNT-9747 AIX Oracle In rare cases, Agent ASO on AIX might cause system to crash.
AGNT-9749 AIX Oracle Agent status could has been running with errors if there were open-
mode connections which the InjectionManager didn't succeed in
monitoring.
AGIM-290 All All Databases Agent memory usage passed limit when registered to trusted
environment.
AGNT-9516 All All Databases In some cases, Agents report running status instead of running with
errors, even though the gateway the agent is assigned to is disconnected.
AGNT-9759 All All Databases Agent memory usage exceeded limit when registered to a trusted
environment.
30 SecureSphere Agent Release Notes
Fixed Issues with SPHR Agent - v13.1
ID OS Agent Description
DB/Product
AGNT-9828 All All Databases The ragent process could crash when the kernel upgraded.
AGNT-9894 All All Databases When the agent was restarted due to capping event, system event
"agent status change" to disabled did not appear in the MX.
AGNT-9714 HP-UX All Databases Trying to retrieve Get Tech Info did not succeed and froze up.
AGNT-9772 HP-UX, Oracle Some Oracle cluster DB data interfaces were not auto discovered on HP-
Solaris UX and Solaris 11.
AGNT-9565 Linux All Databases Agent memory usage exceeded limit.
AGNT-9778 Linux All Databases The agent process could crash on start in 64-bit operation systems. The
problem occurred only when there was another driver that intercepted
the system calls.
AGNT-9761 Linux Oracle Upgrading Oracle 12.1 ASO monitoring to patch id 8841764 caused audit
loss.
AGNT-9812 RHEL All Databases Following OS kernel update for Meltdown and Spectre issues on x86_64
processors: Remote agent failed to start on kernel version 3.10.0-693.11
and up.
AGNT-9832 RHEL All Databases Following OS kernel update for Meltdown issue on Intel processors:
Remote agent failed to start on updated RHEL6.
AGNT-9961 RHEL, UEK All Databases Vendor Meltdown patches for RHEL and OEL6,7 UEK4 caused Agent to
fail during startup.
AGNT-10185 Solaris All Databases Database server might has crashed when Agent driver kernel memory is
low.
AGNT-9355 Solaris Oracle Open mode Oracle ASO connections were not being monitored on
Solaris.
AGNT-10019 SUSE All Databases In rare cases, due to startup scheduling, complete audit loss can occur.
AGNT-9941 SUSE All Databases Vendor Meltdown patches for SUSE caused the SecureSphere Agent to
fail during start.
AGNT-9693 SUSE Oracle The SecureSphere Agent for DAM could not decrypt traffic encrypted
using ASO when installed on Oracle Databases running on SUSE 12 SP2.
AGNT-9764 SUSE Teradata In Teradata when agent was in EIK mode there could have been loss of
audit when user connected to the database using ODBC.
AGNT-9913 SUSE Teradata With Teradata v16.10 and newer, a long agent installation path (longer
than 40 characters) could have caused ragent process crash on startup.
AGIM-295 UEK All Databases Agent didn't monitor traffic after OS update, resulting in running with
errors.
AGIM-301 UEK All Databases Following OS kernel update for Meltdown issue on Intel processors:
Remote agent failed to start on updated OEL7.
AGNT-9834 UEK All Databases Following OS kernel update for Meltdown issue on Intel processors:
Remote agent failed to start on updated OEL7.
AGNT-9780 Unix All Databases Localhost connections on IPV6 were not monitored.
AGIM-266 Windows All Databases Upgrading the SecureSphere Agent failed.
ID OS Agent Description
DB/Product
AGNT-9598 Windows MSSQL MSSQL Advanced Monitoring could have failed to inject the DLL when
ACP update was done before the MSSQL database was started.
AGNT-9612 Windows MSSQL MSSQL DB process might have crashed if the Agent was stopped quickly
and MSSQL Advanced Monitoring was enabled.
AGNT-9926 Windows MSSQL When MsSQL Advanced-Monitoring is enabled and there are high
number of concurrent connections, high System CPU might be
experienced.
AGIM-270 AIX Software upgrade could have failed due to MD5 verification.
AGNT-7768 AIX Couldn't install agent package.
AGNT-8623 AIX AIX agent would not always get assigned to a cluster.
AGNT-8993 AIX Oracle ASO open mode connection might have been missed if no /etc/oratab
was present.
AGNT-9747 AIX In rare cases, Agent ASO on AIX might cause system to crash.
AGNT-8360 AIX, Linux ASO monitoring injected code default directory (/lib/imperva) could be changed
by using <aso-shared-object-location> via advanced config.
AGNT-8488, AIX, Linux ASO logs folder (/opt/imperva/shared) had a 777 permission by default which
AGNT-8359 could have been reduced to 770 if the <shared-dir-group-owner> was used.
AGNT-8763 AIX, Linux, Oracle When working with ASO, open-mode connections were not audited.
AGNT-8505 AIX, RHEL, Solaris, IPC traffic was not intercepted or audited when working with ASO.
SUSE, UEK
AGNT-9271 AIX, Solaris When using ClusterManager and gateway is down, agent may require manual
restart in order to reconnect to one of the gateways.
AGIM-276 All OS Platforms Agent\Installer installation could have failed when environment variable TMPDIR
was set to a path other than "/tmp."
AGIM-290 All OS Platforms Agent memory usage passed limit when registered to trusted environment.
AGNT-6348 All OS Platforms SecureSphere failed to monitor traffic to databases when sub-interfaces with
new IP addresses were added while the agent was running.
AGNT-8548 All OS Platforms If memory allocation operation failed during driver initialization, the kernel
module would fail to load.
AGNT-8563 All OS Platforms The no-traffic system event could have been sent when no channels were
assigned.
ID Agent Description
Environment
AGNT-8588 All OS Platforms When the agent is configured to work in manual mode, data interface
configuration won't be applied on the agent and related traffic will be lost.
AGNT-8620 All OS Platforms When moving an agent from a Large Server Cluster to another Large Server
Cluster audit loss can occur.
AGNT-8656 All OS Platforms Agent failed to recover from disconnected state due to NTP time change.
AGNT-8697 All OS Platforms Agent log files could have taken up more disk space than allocated.
AGNT-9101 All OS Platforms Certain scenarios might cause the RemoteAgent or the Controller to crash when
receiving a new Agent Compatibility Package.
AGNT-9165 All OS Platforms After receiving a new ACP package, the Controller or Ragent processes of the
Remote Agent could have crashed.
AGNT-9180 All OS Platforms Possible memory corruption when receiving a new ACP package.
AGNT-9246 All OS Platforms No " DB IPV6 listener is identified" system event is sent when ipv6 is configured
on a loopback interface.
AGNT-9460 All OS Platforms Agent could cause system crash if number of CPUs were bigger than 2048.
AGNT-9525 All OS Platforms Installing agent or installer failed when environment variable TMPDIR was set to
a path other than "/tmp."
AGNT-9759 All OS Platforms Agent memory usage exceeded limit when registered to a trusted environment.
AGNT-8905 All OS Platforms, IPC channel was not supported with PostgreSQL DB.
Postgre
AGNT-8741 CIFS Missing source IP on Create and Read when accessing a Windows share from
Linux smbclient.
AGNT-8928 CIFS, Windows Audit records were missing the source IP when reading and writing lots of files
from a client.
AGNT-8107 HPUX, Linux, On high load systems audit loss could have occurred on local TCP. Additionally
Windows could have failed to load local tcp driver after agent restart. This could have
occurred on Linux when changing max processes ID in the system without
restating the agent.
AGIM-268 Linux Agent could fail to start if the agent folder was located on XFS with 64bit i-nodes.
AGNT-7440 Linux Request for gateway to block a response could have been ignored.
AGNT-8944 Linux Under rare circumstances, process creation might have crashed the server.
AGNT-9060 Linux IP addresses on loop-back interface that were different from 127.*.*.* were not
added to discovered Data Interface.
AGNT-9436 Linux Agent could have caused the database server to freeze when OS kernel version
was above 4.1.
AGNT-9442 Linux Agent could fail to start if the agent folder was located on XFS with 64bit i-nodes.
AGNT-9476 Linux RemoteAgent process might fail to initialize local traffic sniffer on Linux 32bit
operating systems. Workaround: configure "kernel-builder-size" to 4096 via
advanced configuration on the Agent tab in Management Server.
AGNT-9565 Linux Agent memory usage exceeded limit.
ID Agent Description
Environment
AGNT-9144 Linux, Oracle On rare occasions, when working with Oracle ASO, the SecureSphere Agent may
not be able to start properly after it was stopped.
AGNT-9309 Linux, Oracle The Injection Manager could have failed to inject the ASO DSO to the Oracle
process if "umask" was defined to mask read or execute permissions for group
or others.
AGIM-295 Linux, UEK Agent didn't monitor traffic after OS update, resulting in running with errors.
AGNT-8288 Linux, Unix Agent failed to install due to missing permissions to /tmp.
AGNT-8437 MS SQL When connecting remotely to Named pipe interface, the source IP in audit
screen was displayed as 0.0.0.0 .
AGNT-8924 MS SQL When connecting remotely to Named pipe interface and "mssql-advanced-
monitoring" was set in MX Advanced Configuration, source IP in audit screen
was displayed as 0.0.0.0 and source of activity was local.
AGNT-8761 MS SQL, Windows 32bit MSSQL server could have crashed when Remote Agent was started.
AGNT-8894 MS SQL, Windows On rare occasions, MSSQL Advanced Monitoring wouldn't have audited traffic on
MSSQL 2008 R2 32bit.
AGNT-8917 MS SQL, Windows Intercepting named-pipe channels might have failed in rare cases because of
connection issues between the Remote Agent and the MSSQL server.
AGNT-9206 MS SQL, Windows If ACP file content has been corrupted, new ACP file wouldn't properly function.
This could have resulted in no audit in advanced monitoring mode.
AGNT-9598 MS SQL, Windows MSSQL Advanced Monitoring may fail to inject the DLL when ACP update was
done before the MSSQL database was started.
AGNT-9612 MS SQL, Windows MSSQL DB process might crash if the Agent was stopped quickly and MSSQL
Advanced Monitoring was enabled.
AGNT-9281 Oracle When working in EIK mode with Oracle 12.2, some audit for open mode
connections might be missing at the beginning.
AGNT-9693 Oracle, SUSE The SecureSphere Agent for DAM could not decrypt traffic encrypted using ASO
when installed on Oracle Databases running on SUSE 12 SP2.
AGNT-9343 Oracle, Unix Agent driver failed to load on OEL5 UEK6.
AGNT-9373 RHEL In RHEL 7.4 database server would freeze up when SecureSphere Agent was
started with ASO enabled.
AGNT-9761 RHEL Upgrading Oracle 12.1 ASO monitoring to patch id 8841764 caused audit loss.
AGNT-9812 RHEL Following OS kernel update for Meltdown and Spectre issues on x86_64
processors: Remote agent failed to start on kernel version 3.10.0-693.11 and up.
AGNT-9832 RHEL Following OS kernel update for Meltdown issue on Intel processors: Remote
agent failed to start on updated RHEL6.
AGNT-8657 Solaris Agent failed to start.
AGNT-8719 Solaris SecureSphere Agent used a legacy method to start during reboot on Solaris 10 or
11 systems.
AGNT-8806 Solaris Failed to initialize local traffic. Couldn't initialize TCP local traffic monitor.
ID Agent Description
Environment
AGNT-8931 Solaris Destination IP is replaced with source IP with connections related to Solaris
zones.
AGNT-8955, Solaris A system event was not sent when an IPv6 listener was identified on a Solaris
AGNT-9291 server.
AGNT-9445 Solaris System\CPU capping could not be enabled.
AGNT-9527 Teradata SecureSphere Agent failed to get group_name.
AGNT-9764 Teradata In Teradata when agent was in EIK mode there could have been loss of audit
when user connected to the database using ODBC.
AGNT-9174 UEK Installing or running the SecureSphere Agent for Database failed when running
on a Nano UEK kernel.
AGNT-9711 UEK SecureSphere Agent couldn't be installed on OEL with ueknano kernel.
AGNT-9834, UEK Following OS kernel update for Meltdown issue on Intel processors: Remote
AGIM-301 agent failed to start on updated OEL7.
AGNT-8085 Unix Agent failed to monitor local traffic after uninstall and install
AGNT-8640 Unix Sybase detection didn't discover channels when the prefix for the database is
too long.
AGNT-8783 Unix Intercepting traffic of kragent process caused a leak in driver resources. Leak
could have ended without audit.
AGNT-9452 Unix Audit for local TCP connection in Netezza database wasn't collected.
AGIM-266 Windows Upgrading the SecureSphere Agent failed.
AGIM-274 Windows Imperva processes were not signed by Imperva signature.
AGNT-5026 Windows When connecting remotely to Named pipe interface, the Source of Activity in
audit screen was displayed as "Local."
AGNT-5460 Windows General improvements made to RemoteAgentCli Windows utility that are
related to starting, stopping and restarting the Remote Agent.
AGNT-8141 Windows Imperva processes were not signed with an Imperva signature.
AGNT-8301 Windows On rare occasions, adding a channel may have failed after the driver was loaded
for the first time. As a result, traffic wouldn't be monitored.
AGNT-8479 Windows Agent was running multiple msinfo32.exe instances when using CPU capping.
AGNT-8700 Windows Enabling the ECN bit may cause re-transmissions of packets between the Agent
and the Gateway.
AGNT-8708 Windows When disk becomes full, Agent may fail to receive configuration updates even
after disk space is freed. Workaround: Restart the agent.
AGNT-8794 Windows If associated data interfaces were modified (e.g. by disabling then enabling
them) while external TCP connections were running. Inaccurate logouts would
have been displayed.
AGNT-8862 Windows When both SecureSphere Agent and McAfee are installed on the server, McAfee
caused higher CPU consumption. Workaround: Configure the "enable-discovery-
processes" change in Advanced Configuration to "false."
ID Agent Description
Environment
AGNT-8868 Windows Warning message saying "Unable to find InstanceName for path" encountered
resulting from mismatch between the sqlservr executable path and the path in
the registry. Also caused obsolete keys to be added in the database discovery
process.
AGNT-8893 Windows When external traffic was monitored by pcap on windows platforms, disabling
and enabling network interface while agent was running caused complete audit
loss. Bug was fixed on all Windows platforms except windows 2003 and below.
Workaround: restart the Agent.
AGNT-8973 Windows WinPcap installation was required and the following message was displayed
"The installer detected that WinPCap is not installed."
AGNT-9143 Windows Stopping kragent driver through "net stop" command could have caused drivers
not to load next time agent was started, which would lead to loss of audit.
AGNT-9477 Windows Audit loss may occur when MSSQL Advanced Monitoring is enabled and the
agent is restarted when the injected DLL takes too long to detach. Workaround:
restart the agent.
AGNT-9219 Windows 2008 Agent process crashed accompanied with error "Maximum process terminations
exceeded."
AGNT-9257 Windows 2008 Logouts were not monitored by the agent with EIK connections.
AGNT-9426 Windows 2008 Windows agent crashed due to driver path offset.
AGNT-8899 Windows 2008, In Windows 2008 and newer, when local driver load is failing there is no running
Windows 2012. with errors message issued.
Windows 2016