Jump to content


Photo

The Sourcefire Agent Is Not Running


  • Please log in to reply
2 replies to this topic

#1 sethbgm

sethbgm

    Newbie

  • Members
  • Pip
  • 2 posts

Posted 29 April 2015 - 03:59 PM

Hi,

I work for a non-profit and we have Immunet Free installed on all of our computers.

 

We really want to continue using it, but we have been running into a pretty big problem. I know that the issue of "the sourcefire agent is not running" has been discussed on these forums before, but I have tried all of the solutions and cannot get any of them to work (at least not long term)

 

We require employees to do scans once a month on their computers and every time this happens, we hear back from people that they cannot scan and get this error.

 

Restarting the service in command prompt doesn't work. It crashes again right away.

 

Reinstalling Immunet works SOMETIMES but not all the time.....and then the next month when they go to scan again, the problem is back.

 

Tried disabling firewall to see if it was being blocked and that did not change anything.

 

All of our computers run Windows 8.1 Enterprise edition and are joined to an Active Directory Domain. Roaming user profiles with Folder Redirection policies, BUT, when we scan with Immunet, it is done on local accounts.

 

sfc.exe.log adds these errors every time I run "net start immunetprotect" from the command prompt:

(83396343, +15 ms) Apr 29 11:34:47 [4400]: ERROR: AgentMain: unable to obtain base directory from config
(83396406, +63 ms) Apr 29 11:34:47 [68]: ERROR: WSCVista::Register: SysAllocString failed : 14007 : The requested lookup key was not found in any active activation context.


(83396421, +15 ms) Apr 29 11:34:47 [2916]: ERROR: imn::CProductInventoryHttp::Init : Failed to get agent guid for product inventory configuration.
(83396484, +63 ms) Apr 29 11:34:47 [4400]: ERROR: Query::SetConfigSettings: unable to retrieve client public key
(83396484, +0 ms) Apr 29 11:34:47 [4400]: ERROR: Query::LookupInit: failure parsing UUID string
(83396593, +109 ms) Apr 29 11:34:47 [4400]: ERROR: HistoryEx::Prepare (table component already exists)
(83396593, +0 ms) Apr 29 11:34:47 [3268]: ERROR: NFM_SetStateMachine during load: 0x7d8 : 87 : The parameter is incorrect.


(83396625, +32 ms) Apr 29 11:34:47 [4228]: ERROR: CDBBase::Prepare NFMUrlFileMapDB: failure preparing: PRAGMA journal_mode=WAL;(5) : 183 : Cannot create a file when that file already exists.


(83396625, +0 ms) Apr 29 11:34:47 [4228]: ERROR: CDBBase::Execute NFMUrlFileMapDB: database is locked
(83396625, +0 ms) Apr 29 11:34:47 [4228]: ERROR: CDBBase::Prepare NFMUrlFileMapDB: failure preparing: PRAGMA AUTO_VACUUM=2;(5)
(83396625, +0 ms) Apr 29 11:34:47 [4228]: ERROR: CDBBase::Execute NFMUrlFileMapDB: database is locked
(83396625, +0 ms) Apr 29 11:34:47 [5252]: ERROR: CDBBase::Prepare NFMUrlFileMapDB: failure preparing: CREATE TABLE nfm_url_file_map (hash binary(32) PRIMARY KEY, url varchar(255), created_at timestamp, ttl integer, direction integer, localip integer, remoteip integer, localport integer, remoteport integer, protocol integer );(1)
(83396625, +0 ms) Apr 29 11:34:47 [5252]: ERROR: CDBBase::Execute NFMUrlFileMapDB: table nfm_url_file_map already exists
(83396625, +0 ms) Apr 29 11:34:47 [4052]: ERROR: CDBBase::Prepare NFMUrlFileMapDB: failure preparing: CREATE TABLE nfm_url_file_map (hash binary(32) PRIMARY KEY, url varchar(255), created_at timestamp, ttl integer, direction integer, localip integer, remoteip integer, localport integer, remoteport integer, protocol integer );(1) : 183 : Cannot create a file when that file already exists.


(83396625, +0 ms) Apr 29 11:34:47 [4052]: ERROR: CDBBase::Execute NFMUrlFileMapDB: table nfm_url_file_map already exists
(83396625, +0 ms) Apr 29 11:34:47 [6036]: ERROR: CDBBase::Prepare NFMUrlFileMapDB: failure preparing: PRAGMA journal_mode=WAL;(5) : 183 : Cannot create a file when that file already exists.


(83396625, +0 ms) Apr 29 11:34:47 [6036]: ERROR: CDBBase::Execute NFMUrlFileMapDB: database is locked
(83396625, +0 ms) Apr 29 11:34:47 [6036]: ERROR: CDBBase::Prepare NFMUrlFileMapDB: failure preparing: CREATE TABLE nfm_url_file_map (hash binary(32) PRIMARY KEY, url varchar(255), created_at timestamp, ttl integer, direction integer, localip integer, remoteip integer, localport integer, remoteport integer, protocol integer );(1)
(83396625, +0 ms) Apr 29 11:34:47 [6036]: ERROR: CDBBase::Execute NFMUrlFileMapDB: table nfm_url_file_map already exists
(83396625, +0 ms) Apr 29 11:34:47 [4052]: ERROR: Query::SetConfigSettings: unable to retrieve client public key
(83396625, +0 ms) Apr 29 11:34:47 [4052]: ERROR: Query::LookupInit: failure parsing UUID string
(83396625, +0 ms) Apr 29 11:34:47 [6036]: ERROR: Query::SetConfigSettings: unable to retrieve client public key
(83396625, +0 ms) Apr 29 11:34:47 [6036]: ERROR: Query::LookupInit: failure parsing UUID string
(83396625, +0 ms) Apr 29 11:34:47 [1284]: ERROR: CDBBase::Prepare NFMUrlFileMapDB: failure preparing: CREATE TABLE nfm_url_file_map (hash binary(32) PRIMARY KEY, url varchar(255), created_at timestamp, ttl integer, direction integer, localip integer, remoteip integer, localport integer, remoteport integer, protocol integer );(1) : 183 : Cannot create a file when that file already exists.


(83396625, +0 ms) Apr 29 11:34:47 [1284]: ERROR: CDBBase::Execute NFMUrlFileMapDB: table nfm_url_file_map already exists
(83396625, +0 ms) Apr 29 11:34:47 [1284]: ERROR: Query::SetConfigSettings: unable to retrieve client public key
(83396625, +0 ms) Apr 29 11:34:47 [1284]: ERROR: Query::LookupInit: failure parsing UUID string
(83396640, +15 ms) Apr 29 11:34:47 [1240]: ERROR: CDBBase::Prepare NFMUrlFileMapDB: failure preparing: CREATE TABLE nfm_url_file_map (hash binary(32) PRIMARY KEY, url varchar(255), created_at timestamp, ttl integer, direction integer, localip integer, remoteip integer, localport integer, remoteport integer, protocol integer );(1) : 183 : Cannot create a file when that file already exists.


(83396640, +0 ms) Apr 29 11:34:47 [1240]: ERROR: CDBBase::Execute NFMUrlFileMapDB: table nfm_url_file_map already exists
(83396640, +0 ms) Apr 29 11:34:47 [4228]: ERROR: CDBBase::Prepare NFMUrlFileMapDB: failure preparing: CREATE TABLE nfm_url_file_map (hash binary(32) PRIMARY KEY, url varchar(255), created_at timestamp, ttl integer, direction integer, localip integer, remoteip integer, localport integer, remoteport integer, protocol integer );(1)
(83396640, +0 ms) Apr 29 11:34:47 [4228]: ERROR: CDBBase::Execute NFMUrlFileMapDB: table nfm_url_file_map already exists
(83396640, +0 ms) Apr 29 11:34:47 [1240]: ERROR: Query::SetConfigSettings: unable to retrieve client public key
(83396640, +0 ms) Apr 29 11:34:47 [1240]: ERROR: Query::LookupInit: failure parsing UUID string
(83396640, +0 ms) Apr 29 11:34:47 [5252]: ERROR: Query::SetConfigSettings: unable to retrieve client public key
(83396640, +0 ms) Apr 29 11:34:47 [4228]: ERROR: Query::SetConfigSettings: unable to retrieve client public key
(83396640, +0 ms) Apr 29 11:34:47 [968]: ERROR: CDBBase::Prepare NFMUrlFileMapDB: failure preparing: CREATE TABLE nfm_url_file_map (hash binary(32) PRIMARY KEY, url varchar(255), created_at timestamp, ttl integer, direction integer, localip integer, remoteip integer, localport integer, remoteport integer, protocol integer );(1) : 183 : Cannot create a file when that file already exists.


(83396640, +0 ms) Apr 29 11:34:47 [968]: ERROR: CDBBase::Execute NFMUrlFileMapDB: table nfm_url_file_map already exists
(83396640, +0 ms) Apr 29 11:34:47 [968]: ERROR: Query::SetConfigSettings: unable to retrieve client public key
(83396640, +0 ms) Apr 29 11:34:47 [5732]: ERROR: CDBBase::Prepare NFMUrlFileMapDB: failure preparing: CREATE TABLE nfm_url_file_map (hash binary(32) PRIMARY KEY, url varchar(255), created_at timestamp, ttl integer, direction integer, localip integer, remoteip integer, localport integer, remoteport integer, protocol integer );(1) : 183 : Cannot create a file when that file already exists.


(83396640, +0 ms) Apr 29 11:34:47 [5732]: ERROR: CDBBase::Execute NFMUrlFileMapDB: table nfm_url_file_map already exists
(83396656, +16 ms) Apr 29 11:34:47 [5164]: ERROR: CDBBase::Prepare NFMUrlFileMapDB: failure preparing: CREATE TABLE nfm_url_file_map (hash binary(32) PRIMARY KEY, url varchar(255), created_at timestamp, ttl integer, direction integer, localip integer, remoteip integer, localport integer, remoteport integer, protocol integer );(1) : 183 : Cannot create a file when that file already exists.


(83396656, +0 ms) Apr 29 11:34:47 [5164]: ERROR: CDBBase::Execute NFMUrlFileMapDB: table nfm_url_file_map already exists
(83396656, +0 ms) Apr 29 11:34:47 [5164]: ERROR: Query::SetConfigSettings: unable to retrieve client public key
(83396671, +15 ms) Apr 29 11:34:47 [5732]: ERROR: Query::SetConfigSettings: unable to retrieve client public key
(83396921, +250 ms) Apr 29 11:34:48 [1284]: ERROR: Event::HandleExecution[1284]: look up of processname: \\?\C:\Windows\System32\svchost.exe failed
(83396937, +16 ms) Apr 29 11:34:48 [4052]: ERROR: Event::HandleExecution[4052]: look up of processname: \\?\C:\Program Files\Immunet\clamav\freshclam.exe failed
(83396984, +47 ms) Apr 29 11:34:48 [5252]: ERROR: Event::HandleExecution[5252]: look up of processname: \\?\C:\Windows\system32\WerFault.exe failed
(83397109, +125 ms) Apr 29 11:34:48 [4052]: ERROR: Event::HandleExecution[4052]: look up of processname: \\?\C:\Program Files\Immunet\clamav\freshclam.exe failed

I searched some of these errors and could not find any other support discussions pertaining to them, so I decided to open a new thread here, hoping that someone might know what's happening. We would really like to not have to switch anti-virus software, but this is starting to become a real problem so any help would be GREATLY appreciated! : )

 

Thank you!

 



#2 Lorne

Lorne

    Advanced Member

  • Members
  • PipPipPip
  • 40 posts
  • LocationCalgary AB, Canada

Posted 29 April 2015 - 06:06 PM

Hey sethbgm,

 

Unfortunately, Immunet does not support Windows 8.1. Currently I have it working on a Windows 8.1 machine and can't seem to reproduce the errors you seem to get, however, I remember seeing the same behavior you described when I was using it on a personal machine. I am not sure what happens over time or what could be preventing it from connecting to the cloud. Re-installing sometimes seems like the best option if it will work since it is fairly quick to do so.

 

It may be worth looking into a new solution since Immunet does not plan on supporting Windows 8.1 and you do not want to be left unprotected for long periods of time. I understand it's for non-profit, but we do offer more permanent solutions which were developed further after Immunet. If you're curious you can find out more at this link: http://www.sourcefir...ware-protection

 

best regards,

Lorne


Lorne Burke
CO-OP.TECH UNDERGRAD STUDENT WORKER
Cisco Security Group
lorburke@cisco.com

Cisco Systems Canada

#3 sethbgm

sethbgm

    Newbie

  • Members
  • Pip
  • 2 posts

Posted 29 April 2015 - 06:34 PM

Thank you very much for the information. I thought I had read somewhere that Immunet was supporting Windows 8 as of around last year sometime, so I was thinking it would be fine on 8.1 as well. I will take a look at the product you linked to and see if that might be an option to consider. If not, then I guess we will have to make some decisions as to what we want to switch to.

 

Thanks again for your help! 






0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users