Issue:
WithSecure Elements Endpoint Detection and Response (EDR) sensor does not activate on Ubuntu. The state appears as "Waiting for connection" in the Elements Endpoint Protection portal and the Elements Endpoint Detection and Response portal.
Resolution:
Elements Endpoint Detection and Response functionality requires the auditd service to be installed and running on the system.
If Elements Endpoint Detection and Response sensor installation fails, an error like this will be printed to the system journal:
"Sep 29 14:07:37 localhost fsbg[6692]: update installation failed: /sensor/1601277158"
It is possible to fix the failed sensor installation by installing auditd and running the update command to let update system install the sensor automatically.
1. Run the command below to install auditd:
sudo apt-get install auditd
2. Fixing sensor installation:
sudo su
Note: sudo su will give the root shell, please execute the next command in that root shell
/opt/f-secure/baseguard/bin/update $(/opt/f-secure/baseguard/bin/update --list | grep sensor | cut -d ' ' -f 1)
Article no: 000031593