FortiEDR
FortiEDR automates the protection against advanced threats, pre and post-execution, with real time orchestrated incident response functionality.
YehonatanA
Staff
Article Id 375682
Description

This article describes how to resolve application control and upload collector content failures for on-prem deployments.


Scope

FortiEDR on-prem deployments experiencing application control and upload collector content issues following the CentOS to Ubuntu migration. To clarify, this fix is already applied on cloud environments and is relevant only for on-prem deployments that performed the Ubuntu migration process. Symptoms might include application control not blocking configured applications, and collector content upload errors similar to the screenshot below:


[Screenshot: error7338.png]


Solution

To remediate this issue, SSH to the manager CLI and perform the following steps:

First, run the following commands and check the output:

  1. ll /opt/FortiEDR/files/ApplicationControl
  2. ll /opt/FortiEDR/files/ApplicationControl/24254/Windows


  • If the output is similar to the following screenshots (the owner is root instead of fortinet, and/or a 'No such file or directory' error message appears), proceed with creating the folder in step 3; otherwise, continue with step 4.


[Screenshot: application control KB.png]

[Screenshot: No such file or directory error.png]

 

  3. Create the missing folder:

    mkdir -p /opt/FortiEDR/files/ApplicationControl/24254/Windows

  4. Run the command:

    chown -R fortinet:fortinet /opt/FortiEDR/files/ApplicationControl/24254/Windows

  5. Run the command:

    chown -R fortinet:fortinet /opt/FortiEDR/files/ApplicationControl

    Then, run the command:

    chown -R fortinet:fortinet /opt/FortiEDR/agent

    Perform chmod 777 for all mentioned folders:

    • /opt/FortiEDR/agent
    • /opt/FortiEDR/files/ApplicationControl
    • /opt/FortiEDR/files/ApplicationControl/24254/Windows

  6. Wait 10-15 minutes to allow the new configuration to be updated.

  7. Enable/disable some applications under Security Settings -> Application Control Manager:

    [Screenshot: application control manager.png]

    [Screenshot: application control manager2.png]

  8. Wait another 10-15 minutes to allow the new configuration to be updated.

  9. Restart the manager and then restart the aggregator. Test whether the issue persists; if it does, share the collector logs and manager logs for further investigation.
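As an added example that is not part of the Fortinet article, the following POSIX shell check automates the inspection in steps 1 and 2: it reports which of the three folders the procedure touches are missing or not owned by fortinet, so the mkdir/chown steps are only run where needed, and it can be rerun after step 5 to confirm the ownership change took effect. It assumes FORTIEDR_ROOT (default /opt/FortiEDR) and EXPECTED_OWNER (default fortinet) as overridable variables; both names are introduced here and are not part of the product.

```shell
#!/bin/sh
# Added example, not from the Fortinet article: read-only pre-check for the
# folders the procedure touches. Nothing here creates, chowns or chmods.
# FORTIEDR_ROOT and EXPECTED_OWNER are assumed (hypothetical) override
# variables so the check can be exercised on a scratch directory.
FORTIEDR_ROOT="${FORTIEDR_ROOT:-/opt/FortiEDR}"
EXPECTED_OWNER="${EXPECTED_OWNER:-fortinet}"

# Print the owner of a path (GNU stat first, BSD stat as fallback);
# return 1 without output when the path does not exist.
path_owner() {
  [ -e "$1" ] || return 1
  stat -c '%U' "$1" 2>/dev/null || stat -f '%Su' "$1"
}

# Classify one folder as "missing", "wrong-owner:<user>" or "ok".
check_folder() {
  owner=$(path_owner "$1") || { echo "missing"; return 0; }
  if [ "$owner" = "$EXPECTED_OWNER" ]; then
    echo "ok"
  else
    echo "wrong-owner:$owner"
  fi
}

# Check the three folders named in the article, one line per folder, and
# return non-zero if any of them still needs the mkdir/chown steps above.
check_all() {
  rc=0
  for d in "$FORTIEDR_ROOT/agent" \
           "$FORTIEDR_ROOT/files/ApplicationControl" \
           "$FORTIEDR_ROOT/files/ApplicationControl/24254/Windows"; do
    state=$(check_folder "$d")
    printf '%s\t%s\n' "$state" "$d"
    [ "$state" = "ok" ] || rc=1
  done
  return "$rc"
}
```

Run it as the same user the manager services use, or as root, so stat can read every folder; a non-zero exit from check_all means at least one folder still needs attention.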