EEA 8 for Linux on Ubuntu 20.04 "Real-time file system protection is non-functional"

[sysadminPA 1]

Hello,

 

We are using ESET in our company and are looking to upgrade to the new version of EEA 8 for Linux. 

I am testing it on an up to date machine with Ubuntu 20.04. The environment satisfies all the system requirements.

I have downloaded and installed the product from the ESET website, as our ESET Protect server is not set yet to install this version, but the agent is running on the machine, so the server was able to activate the product.

Now I am left with the eea service on the machine reporting "Real-time file system protection is non-functional" 

Apr 20 12:38:19 Computer-name oaeventd[1675]: ESET Endpoint Antivirus Error: Secure Boot is enabled. Please sign the kernel module /lib/modules/5.8.0-50-generic/eset/eea/eset_rtp.ko or disable Secure Boot in BIOS/UEFI.
Apr 20 12:38:19 Computer-name oaeventd[1675]: ESET Endpoint Antivirus Error: Initialization of system handler for on-access scan has failed. Please update your OS and restart your computer, then check system logs.

In the EEA GUI I can see the same message (pictures attached).

Now I have double-checked the instructions and the only point regarding the Real-time protection is here https://help.eset.com/eeau/7/en-US/realtime-protection-cannot-start.html, but it does not apply to my situation.

Going back to the error message in the console I can understand that disabling Secure Boot would be a solution, but this is not desirable in my company. The solution would be signing the kernel modules. Unfortunately I did not find a guide for this, and I am wondering if it is possible for this version of the product.

I have found that ESET File Security 8 for Linux has a script that does this as detailed here  https://help.eset.com/efs/8/en-US/secure-boot.html, but this script does not seem to be present in the EEA 8 for Linux installation folder.

I have tried also the commands listed in this thread (adapted for my kernel version) but with no success.

I am hoping you can help me with this, either pointing out something I have missed or simply providing a set of commands or a script similar to the EFS 8 one.

Thanks in advance!

[Marcos 5,074]

If you have enabled secure boot, please refer to https://help.eset.com/efs/8/en-US/secure-boot.html:

To use real-time file system protection on a machine with Secure boot enabled, the  ESET File Security 8 for Linux (EFS) kernel module must be signed with a private key. The corresponding public key must be imported to UEFI. EFS version 8 comes with a built-in signing script, that operates in interactive or non-interactive mode.

Use the mokutil utility to verify Secure boot is enabled on the machine.  Execute the following command from a Terminal window as a privileged user:

mokutil --sb-state

[sysadminPA 1]

Thanks for your reply!

Yet I find that you might have misunderstood or misread my post. I have already mentioned that link you posted from EFS 8 for linux myself as I have already read through.

However, I am not using EFS 8 for linux but EEA 8 for linux, and as I mentioned in my post, I have seen that EFS 8 for linux comes with a script to sign the kernel, but I cannot find this script in the installation folder of EEA 8 for linux. 

I have already added the output of my eea service status that mentions that Secure Boot is enabled.

The command you pasted from the EFS 8 secure boot help page outputs when run "SecureBoot enabled" as is expected, as also the eea service states the same.

I understand that I need to sign the EEA kernel module, yet I am not sure how to do this as a script is not provided like in the case of EFS. Am I missing something? If not, can you provide an alternative script for EEA 8 like the one for EFS 8?

Thanks in advance!

[Marcos 5,074]

EEA currently doesn't support secure boot. We plan to support it in EEA too but there is currently no ETA yet.

[sysadminPA 1]

I understand! Thank you for your reply!

[Marcos 5,074]

We're going to release a new version of ESET Endpoint Antivirus for Linux v8.1.3.0 soon. Among other new features and improvements, such as added EDTD support, it will also bring SecureBoot support. Stay tuned : )