ESET Online Help

Search English
Select the topic

Real-time protection cannot start

Issue

Real-time protection cannot start due to missing kernel files or enabled Secure Boot.

The Events screen in the Web interface of ESET Server Security for Linux (ESSL)version 8 displays an error message.

real-time-protection-cannot-start

Missing kernel files

secure-boot_real-time-protection-cannot-start

Secure Boot is enabled

In system logs, a corresponding error message is displayed:

Nov 30 15:47:02 localhost.localdomain efs[373639]: ESET File Security error: cannot find kernel sources directory for kernel version 5.4.17-2036.100.6.1.el8uek.x86_64

Nov 30 15:47:02 localhost.localdomain efs[373641]: ESET File Security error: please check if kernel-devel (or linux-headers) package version matches the current kernel version

Nov 30 15:47:04 localhost.localdomain oaeventd[373656]: ESET File Security Error: Cannot open file /lib/modules/5.4.17-2036.100.6.1.el8uek.x86_64/eset/efs/eset_rtp.ko: No such file or directory

Nov 30 15:47:04 localhost.localdomain oaeventd[373656]: ESET File Security Warning: If you are running UEK kernel, make sure you have kernel-uek-devel installed

Nov 30 15:47:04 localhost.localdomain oaeventd[373656]: ESET File Security Error: Initialization of system handler for on-access scan has failed. Please update your OS and restart your computer, then check system logs.

Missing kernel files

Feb 05 14:58:47 ubuntu2004 efs[52262]: ESET File Security Error: Secure Boot requires signed kernel modules. Please run "/opt/eset/efs/lib/install_scripts/sign_modules.sh" to sign our modules.

Feb 05 14:58:50 ubuntu2004 oaeventd[52303]: ESET File Security Error: Secure Boot is enabled. Please sign the kernel module /lib/modules/5.8.0-41-generic/eset/efs/eset_rtp.ko or disable Secure Boot in BIOS/UEFI.

Feb 05 14:58:50 ubuntu2004 oaeventd[52303]: ESET File Security Error: Initialization of system handler for on-access scan has failed. Please update your OS and restart your computer, then check system logs.

Secure Boot is enabled

Solution

If the machine with ESSL installation has Secure Boot enabled, refer to the Secure Boot section.

Method 1 - Requires operating system restart

1.Upgrade your operating system packages to the latest version. On CentOS 7, execute the following command from a Terminal window as a privileged user:

yum upgrade

2.Restart the operating system.

Method 2

1.Install the latest kernel-devel modules (on RPM-based Linux distributions) or the latest linux-headers (on DEB based Linux distributions). On Ubuntu Linux, execute the following command from a Terminal window as a privileged user:

apt-get install linux-headers-`uname -r`

2.Restart the ESSL service. Execute the following command from a Terminal window as a privileged user:

systemctl restart efs

Method 3 - OS with Unbreakable Enterprise Kernel

If the Unbreakable Enterprise Kernel is used, the kernel-uek-devel package must be installed manually.

1.On Oracle Linux, execute the following command from a Terminal window as a privileged user:

yum install kernel-uek-devel-`uname -r` kernel-headers

2.Restart the ESSL service. Execute the following command from a Terminal window as a privileged user:

systemctl restart efs