Install/Post Install Issues


Hello,

These logs are from an attempted install on RHEL. Looking for a steer if anyone has seen these before.

OS: Oracle Linux v7.9

Kernel: 3.10.0-1160.71.1.0.1.el7

mdatp: 101.62.74

python: 2.7.5

sqlite: 3.7.17

Issue 1

/var/log/microsoft/mdatp/microsoft_defender_v2.log

Exceeded execution count

Metastore SQL DB version is out of date. Attempting migration from 32.

sqlite3_exec Error:database disk image is malformed

SQL:DROP TABLE IF EXISTS SQLiteGlobals; CREATE TABLE SQLiteGlobals(ID INTEGER PRIMARY KEY NOT NULL, Version INTEGER NOT NULL, Current BOOLEAN NOT NULL, LastUpdated TEXT NULL);, HRes:0x87af000b

MetaStore is unavailable. Persistence of RollingQueues will not work.

Issue 2

/var/log/microsoft/mdatp/microsoft_defender_v2.log

[7513][2022-07-26 22:25:56.600710 UTC][info]: number of process starts has been exceeded

[7513][2022-07-26 22:27:56.628675 UTC][info]: number of process starts has been exceeded

[7513][2022-07-26 22:28:56.629098 UTC][info]: number of process starts has been exceeded

[7513][2022-07-26 22:29:56.629821 UTC][info]: number of process starts has been exceeded

[7513][2022-07-26 22:30:56.630817 UTC][info]: number of process starts has been exceeded

[7513][2022-07-26 22:31:41.100805 UTC][info]: number of process starts has been exceeded

[7513][2022-07-26 22:31:56.631628 UTC][info]: number of process starts has been exceeded

Thanks in anticipation
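An added example, not part of the original post and not Microsoft's code: a small parser for the `[pid][timestamp UTC][level]: message` line format that the Issue 2 entries show, with a check that groups the messages from both issues by category and flags a burst of repeats (the same message from one pid several times inside a short window). It assumes the Issue 1 messages carry the same prefix in the file (the post quotes them without one), and the sample lines, including their log levels, are constructed, not copied from a real host. The `KNOWN_PATTERNS` names, the burst threshold and the window size are this example's own choices.

```python
import re
import sys
from collections import defaultdict
from datetime import datetime, timedelta

# One microsoft_defender_v2.log line: [pid][YYYY-MM-DD HH:MM:SS.ffffff UTC][level]: message
LINE_RE = re.compile(
    r"^\[(?P<pid>\d+)\]\[(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d+) UTC\]"
    r"\[(?P<level>\w+)\]: (?P<msg>.*)$"
)

# Message fragments for the two symptoms in the thread (metastore corruption, process-start limit).
KNOWN_PATTERNS = {
    "metastore_corrupt": "database disk image is malformed",
    "metastore_unavailable": "MetaStore is unavailable",
    "process_start_limit": "number of process starts has been exceeded",
}

# Constructed sample in the thread's format. The Issue 1 messages are given the
# same prefix (and an assumed level) on the assumption that the file carries it.
SAMPLE_LOG = """\
[7513][2022-07-26 22:19:58.100000 UTC][info]: Exceeded execution count
[7513][2022-07-26 22:19:58.200000 UTC][info]: Metastore SQL DB version is out of date. Attempting migration from 32.
[7513][2022-07-26 22:19:58.300000 UTC][error]: sqlite3_exec Error:database disk image is malformed
[7513][2022-07-26 22:19:58.400000 UTC][error]: MetaStore is unavailable. Persistence of RollingQueues will not work.
[7513][2022-07-26 22:25:56.600710 UTC][info]: number of process starts has been exceeded
[7513][2022-07-26 22:27:56.628675 UTC][info]: number of process starts has been exceeded
[7513][2022-07-26 22:28:56.629098 UTC][info]: number of process starts has been exceeded
[7513][2022-07-26 22:29:56.629821 UTC][info]: number of process starts has been exceeded
[7513][2022-07-26 22:30:56.630817 UTC][info]: number of process starts has been exceeded
[7513][2022-07-26 22:31:41.100805 UTC][info]: number of process starts has been exceeded
[7513][2022-07-26 22:31:56.631628 UTC][info]: number of process starts has been exceeded
this line does not match the expected format and is skipped
"""


def parse_line(line):
    """Return a dict for a well-formed line, None for anything else."""
    m = LINE_RE.match(line)
    if not m:
        return None
    return {
        "pid": m.group("pid"),
        "ts": datetime.strptime(m.group("ts"), "%Y-%m-%d %H:%M:%S.%f"),
        "level": m.group("level"),
        "msg": m.group("msg"),
    }


def parse_log(text):
    """Parse every well-formed line and drop the rest."""
    entries = (parse_line(line) for line in text.splitlines())
    return [e for e in entries if e is not None]


def classify(entry):
    """Map an entry to one of the known categories, or None if it is unrelated."""
    for name, needle in KNOWN_PATTERNS.items():
        if needle in entry["msg"]:
            return name
    return None


def max_in_window(stamps, window):
    """Largest number of (sorted) timestamps that fit inside any span of length `window`."""
    best = start = 0
    for end in range(len(stamps)):
        while stamps[end] - stamps[start] > window:
            start += 1
        best = max(best, end - start + 1)
    return best


def summarize(text, repeat_threshold=3, window=timedelta(minutes=10)):
    """Group known messages by (category, pid); mark a burst when the repeat threshold is hit inside the window."""
    stamps = defaultdict(list)
    for entry in parse_log(text):
        category = classify(entry)
        if category is not None:
            stamps[(category, entry["pid"])].append(entry["ts"])
    findings = []
    for (category, pid), times in sorted(stamps.items()):
        times.sort()
        findings.append({
            "category": category,
            "pid": pid,
            "count": len(times),
            "first": times[0],
            "last": times[-1],
            "burst": max_in_window(times, window) >= repeat_threshold,
        })
    return findings


if __name__ == "__main__":
    # Pass a log path to read a real file; with no argument the constructed sample is used.
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_LOG
    for f in summarize(text):
        flag = "BURST" if f["burst"] else "     "
        print(f"{flag} {f['category']:<22} pid={f['pid']} count={f['count']} "
              f"{f['first']:%H:%M:%S} .. {f['last']:%H:%M:%S}")
```

Run against the sample, the metastore lines show up once each (no burst) while the process-start message is reported seven times in six minutes and is marked as a burst; the same script pointed at `/var/log/microsoft/mdatp/microsoft_defender_v2.log` gives a quick picture of whether either condition is still recurring after an engine update.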

8 Replies

@rob_wood_8894
Can you kindly share the o/p of mdatp health?

The second log message should be fixed in the latest engine. I will check and get back on the first one once I have the o/p of mdatp health.

@Srinivas_Koripella What do you mean by engine? We have the latest sqlite installed.

$ sudo yum install sqlite
Loaded plugins: langpacks, ulninfo
Package sqlite-3.7.17-8.el7_7.1.x86_64 already installed and latest version

@shorif2000 Engine version is the one you see in the mdatp health o/p. If you can give me the o/p of the entire mdatp health output, I can do a quick check and see if I can find something.

healthy : true
health_issues : []
licensed : true
engine_version : "1.1.19530.0"
app_version : "101.73.77"

@Srinivas_Koripella

# rpm -qi mdatp
Name        : mdatp
Version     : 101.62.74
Release     : 1
Architecture: x86_64
Install Date: Mon 25 Apr 2022 09:25:34 AM CEST
Group       : Security
Size        : 215084698
License     : Copyright _ Microsoft Corporation. All rights reserved.
Signature   : RSA/SHA256, Fri 18 Mar 2022 08:14:03 AM CET, Key ID eb3e94adbe1229cf
Source RPM  : mdatp-101.62.74-1.src.rpm
Build Date  : Fri 18 Mar 2022 07:53:39 AM CET
Build Host  : 41296f29c000000.fhgjolb4bomu5fsgjg1ymvbkqg.bx.internal.cloudapp.net
Relocations : /opt/microsoft/mdatp
Vendor      : Microsoft
Summary     : Microsoft Defender (Production)
Description :
 Microsoft Defender is a complete endpoint
 security solution. It delivers preventative protection, post-breach
 detection, automated investigation, and response.

@shorif2000
"mdatp health" is the command that gives the engine version. Can you help me get that?

@Srinivas_Koripella

healthy                                     : true
health_issues                               : []
licensed                                    : true
engine_version                              : "3.0"
engine_version_v2                           : "1.1.19300.3"
app_version                                 : "101.62.74"
org_id                                      : "39e745ca-d6d2-45c4-ac34-e27e7bf61c88"
log_level                                   : "info"
machine_guid                                : "42320a30-3a17-a292-ec2a-9921925175b9"
release_ring                                : "Production"
product_expiration                          : Dec 13, 2022 at 06:10:49 AM
cloud_enabled                               : true
cloud_automatic_sample_submission_consent   : "safe"
cloud_diagnostic_enabled                    : true
passive_mode_enabled                        : false
real_time_protection_enabled                : true
real_time_protection_available              : true
real_time_protection_subsystem              : "fanotify"
supplementary_events_subsystem              : "auditd"
tamper_protection                           : "disabled"
automatic_definition_update_enabled         : true
definitions_updated                         : Aug 01, 2022 at 09:52:27 AM
definitions_updated_minutes_ago             : 26
definitions_version                         : "88461"
definitions_status                          : "up_to_date"
edr_early_preview_enabled                   : "enabled"
edr_device_tags                             : []
edr_group_ids                               : ""
edr_configuration_version                   : "30.199999.7572753.5582739.6176165-0f3e8bdca3247cca0e4b0455709f097d0dac9c58"
edr_machine_id                              : "7692be90965e9ec5415102ed4f23bfcca9ca34ea"
conflicting_applications                    : []
network_protection_status                   : "stopped"

@shorif2000 Mind filing a case and sharing the diagnostic files from "mdatp diagnostic create" on that?
These errors could be harmless/benign but would need the logs to confirm to see if recovery is working fine.
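An added example, not from the thread and not Microsoft's code: a parser for the `key : value` layout of `mdatp health` output as quoted above, plus the handful of checks a defender would run over it before opening a case (healthy flag, health issues, licence, real-time protection, passive mode, definition status and age, tamper protection). The sample output is constructed from the fields in the thread with the org identifier replaced by a placeholder; the 24-hour definition-age threshold and the set of checks are this example's own assumptions, not documented product rules.

```python
import json
import re

# One line of `mdatp health` output: key, space padding, colon, value.
HEALTH_LINE = re.compile(r"^(\w+)\s*:\s?(.*)$")

# Constructed sample built from the fields quoted in the thread; the org_id is a placeholder.
SAMPLE_HEALTH = """\
healthy                                     : true
health_issues                               : []
licensed                                    : true
engine_version                              : "3.0"
engine_version_v2                           : "1.1.19300.3"
app_version                                 : "101.62.74"
org_id                                      : "00000000-0000-0000-0000-000000000000"
log_level                                   : "info"
release_ring                                : "Production"
product_expiration                          : Dec 13, 2022 at 06:10:49 AM
cloud_enabled                               : true
passive_mode_enabled                        : false
real_time_protection_enabled                : true
real_time_protection_available              : true
real_time_protection_subsystem              : "fanotify"
supplementary_events_subsystem              : "auditd"
tamper_protection                           : "disabled"
automatic_definition_update_enabled         : true
definitions_updated_minutes_ago             : 26
definitions_status                          : "up_to_date"
conflicting_applications                    : []
"""


def parse_value(raw):
    """Turn the textual value into bool, int, list or str; unquoted dates stay as plain strings."""
    if raw in ("true", "false"):
        return raw == "true"
    if raw.startswith(('"', "[", "{")) or raw.isdigit():
        try:
            return json.loads(raw)
        except json.JSONDecodeError:
            return raw
    return raw


def parse_health(text):
    """Parse `mdatp health` output into a dict, skipping lines that do not fit the layout."""
    health = {}
    for line in text.splitlines():
        m = HEALTH_LINE.match(line)
        if m:
            health[m.group(1)] = parse_value(m.group(2).strip())
    return health


def assess(health, max_definition_age_minutes=24 * 60):
    """Return a list of human-readable findings; an empty list means nothing to raise."""
    findings = []
    if health.get("healthy") is not True:
        findings.append("agent does not report healthy")
    if health.get("health_issues"):
        findings.append(f"health_issues reported: {health['health_issues']}")
    if health.get("licensed") is not True:
        findings.append("device is not licensed")
    if health.get("real_time_protection_enabled") is not True:
        findings.append("real-time protection is not enabled")
    if health.get("passive_mode_enabled") is True:
        findings.append("passive mode is enabled (no active remediation by this agent)")
    if health.get("definitions_status") != "up_to_date":
        findings.append(f"definitions_status is {health.get('definitions_status')!r}")
    age = health.get("definitions_updated_minutes_ago")
    if isinstance(age, int) and age > max_definition_age_minutes:
        findings.append(f"definitions last updated {age} minutes ago")
    if health.get("tamper_protection") != "enabled":
        findings.append(f"tamper protection is {health.get('tamper_protection')!r}, not enabled")
    return findings


if __name__ == "__main__":
    # Pipe real output in with `mdatp health | python3 this_script.py`, or run without stdin for the sample.
    import sys
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_HEALTH
    for finding in assess(parse_health(text)) or ["no findings"]:
        print(finding)
```

On the sample the only finding is that tamper protection is disabled, which matches the output posted in the thread; `engine_version_v2` and `app_version` come out as plain strings so they can be compared with whatever the current release is when deciding whether an update is the first step.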