In 22.214.171.124 Patch the kernel adaptation mappings for the agent version 126.96.36.199 are missing in the NetWitness Endpoint Database. This causes the agents to not receive new and future kernel encoding values from the NetWitness Endpoint Server and results in a driver error (0xe0010014). A fix is being created and will be made available shortly in an upcoming patch. In the meantime the workaround below will resolve this issue.
Agent version 188.8.131.52 on supported Microsoft Windows agent platform
When there are new Windows kernel updates available, the agent will encounter this error and the agent driver will be stopped causing the agent to function partially (user mode capability only). All capability provided by the Windows agent driver will fail to function: behavior and network tracking events, memory dump generation, module blocking, and network containment.
Execute below query on the NetWitness Endpoint Database (Primary and Secondary if it is multi-server environment) to correct the agent kernel adaptation mapping.
update [AgentVersionKernelAdaptMapping] set AgentVersion=4403 where VersionDescription='V184.108.40.206'
RSA NetWitness Platform page on RSA Link.loads, and more, visit the
RSA has a defined End of Primary Support policy associated with all major versions. Please refer to the Product Version Life Cycle for additional details.