Sep 21 2022 01:35 AM - edited Sep 21 2022 05:10 AM
I am trying to run MDATP on Ubuntu 20.04 LTS - Kernel: 5.4.0-126-generic.
mdatp health status
Could not connect to the daemon
Error connecting to server socket
systemctl status mdatp
● mdatp.service - Microsoft Defender
Loaded: loaded (/lib/systemd/system/mdatp.service; enabled; vendor preset: enabled)
Active: deactivating (stop-sigterm) (Result: core-dump) since Wed 2022-09-21 10:26:50 CEST; 642ms ago
Process: 14906 ExecStart=/opt/microsoft/mdatp/sbin/wdavdaemon (code=dumped, signal=ABRT)
Main PID: 14906 (code=dumped, signal=ABRT)
Tasks: 32 (limit: 19105)
Memory: 39.9M
CGroup: /system.slice/mdatp.service
└─14930 /opt/microsoft/mdatp/sbin/wdavdaemon edr 11 10 3 --log_level info
Sep 21 10:26:44 portfolio systemd[1]: Started Microsoft Defender.
Sep 21 10:26:45 portfolio wdavdaemon[14930]: avc: could not determine enforcing mode: No such file or directory
Sep 21 10:26:50 portfolio wdavdaemon[14906]: terminating with uncaught exception of type std::runtime_error: collate_byname<char>::collate_byname failed to construct for
Sep 21 10:26:50 portfolio wdavdaemon[14910]: [14910:14910:20220921,102650.350438:ERROR process_memory_range.cc:86] read out of range
Sep 21 10:26:50 portfolio wdavdaemon[14910]: [14910:14910:20220921,102650.350500:ERROR elf_image_reader.cc:594] missing nul-terminator
Sep 21 10:26:50 portfolio wdavdaemon[14910]: [14910:14910:20220921,102650.353355:ERROR file_io_posix.cc:143] open /sys/devices/system/cpu/cpu0/cpufreq/scaling_cur_freq: No such file or >
Sep 21 10:26:50 portfolio wdavdaemon[14910]: [14910:14910:20220921,102650.353394:ERROR file_io_posix.cc:143] open /sys/devices/system/cpu/cpu0/cpufreq/scaling_max_freq: No such file or >
Sep 21 10:26:50 portfolio systemd[1]: mdatp.service: Main process exited, code=dumped, status=6/ABRT
mdatp log view
[408962][2022-09-21 07:37:00.537512 UTC][error]: [{user}]: Onboarding failed: Corrupted license
[408962][2022-09-21 07:37:00.734714 UTC][error]: [{user}]: Couldn't connect to kernel extension, Make sure kernel extension is allowed
[409411][2022-09-21 07:37:18.765187 UTC][error]: [{user}]: Couldn't connect to kernel extension, Make sure kernel extension is allowed
I did a reinstall, SELinux is not installed.
Among other things, a Docker environment runs on this system.
Even if I terminate all Docker containers, MDATP does not start.
Thanks for any help,
Lukas
Sep 23 2022 01:30 AM - edited Sep 23 2022 01:57 AM
Solution: Needed to change my locale from C.UTF-8 to en_US.UTF-8.
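A check for the locale setting named in the solution above, added here as an example and not part of the original thread or of Microsoft's tooling. The function names are hypothetical, and it assumes the system-wide setting lives in /etc/default/locale (the file Ubuntu's update-locale writes) and that `locale -a` lists the generated locales.

```shell
#!/bin/sh
# Added example: report whether the configured locale matches the one the
# poster found to work (en_US.UTF-8), and whether that locale is generated.
WANT="en_US.UTF-8"   # value taken from the accepted answer

# Normalise spellings so "en_US.UTF-8" and "en_US.utf8" compare equal.
norm() { printf '%s' "$1" | tr '[:upper:]' '[:lower:]' | tr -d '-'; }

# Effective collation locale from KEY=VALUE lines, using POSIX precedence:
# LC_ALL overrides LC_COLLATE, which overrides LANG.
effective_collate() {
    for key in LC_ALL LC_COLLATE LANG; do
        val=$(sed -n "s/^[[:space:]]*$key=//p" "$1" | tail -n 1 | tr -d "\"'")
        if [ -n "$val" ]; then printf '%s\n' "$val"; return 0; fi
    done
    printf 'C\n'   # nothing set: the POSIX default
}

# $1 = locale settings file, $2 = file holding `locale -a` output.
# Prints one of:
#   generate  WANT is not generated   -> sudo locale-gen en_US.UTF-8
#   switch    generated, not selected -> sudo update-locale LANG=en_US.UTF-8
#   ok        generated and selected
check_locale() {
    have=no
    while IFS= read -r name; do
        if [ "$(norm "$name")" = "$(norm "$WANT")" ]; then have=yes; fi
    done < "$2"
    if [ "$have" = no ]; then echo generate; return 0; fi
    cur=$(effective_collate "$1")
    if [ "$(norm "$cur")" = "$(norm "$WANT")" ]; then echo ok; else echo switch; fi
}

# Run against this host only when asked: sh check_locale.sh --run
if [ "${1:-}" = "--run" ]; then
    tmp=$(mktemp)
    locale -a > "$tmp"
    check_locale /etc/default/locale "$tmp"
    rm -f "$tmp"
fi
```

After changing the setting, restart the service (`sudo systemctl restart mdatp`) and re-run `mdatp health`.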