Oracle Linux : ESET Real-time file system protection is non-functional

[TTN 0]

During the deployment of the Eset security product on an Oracle Linux system, I encountered a persistent red alert. The alert advises me to attempt a system restart or a reinstallation of the Eset security product, but neither of these actions has resolved the issue.

I conducted research on the web to identify the cause of the problem. It appears to be related to the system's Secure Boot status, which ideally should be inactive. However, I couldn't find any settings related to Secure Boot in my system. When I run the command :

mokutil --sb-state

It outputs the following message: 

EFI variables are not supported on this system

This red alert seems to appear consistently on all Oracle Linux systems.

I'm seeking guidance on how to address and resolve this issue. Has anyone encountered a similar problem or can offer insights into potential solutions?

Your assistance would be greatly appreciated...

 

[kurco 19]

HI TTN,

could you please specify version of Oracle Linux and also version of Linux Server Security? Also it would be great to check event log in Server Security, not everything is send to Protect Console. 

Basically there are two main issue related with non-functional RTP:

- Oracle Linux doesn't contain latest updates and therefore our RTP module could not be compiled
- Secure boot is enabled and our RTP module needs to be signed after compilation in order to be allowed to be loaded into kernel. 

Regards,
Kurco

[TTN 0]

Oracle Linux Server 7.9 and 9.2 updated with ESET Server security 10.0.328.0.

Secure boot is not enabled.

 

[kurco 19]

Have you checked online help of Server Security? maybe this could help: https://help.eset.com/essl/10.0/en-US/realtime_protection_cannot_start.html#s-method-3-os-with-unbreakable-enterprise-kernel

Oracle is using special kernel and sources for our RTP module needs to be installed manually. 

Regards,
Kurco

Edited September 26, 2023 by kurco