v14.4_agent_release_notes_12-18-2024

v14.
4 Agent Release Notes
v14.4 Agent Release Notes
v14.4 Agent Release Notes 1

Contents
Contents
Data Protection Agent Release Notes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
Features Released with Agent v14.1 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
Features Released with Agent v14.4 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Database Support - Data Security Coverage Tool . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
SecureSphere Agent Installation Files . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8
Note on Agent Package Numbers . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Determining Which non-Windows SecureSphere Agent Package to Install . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Database Agent Package Installation File Names . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10
Database and File Agent Packages Released with v14.1. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
Database and File Agent Packages Released with v14.1 Patch 20 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Database Agent Packages Released with v14.4 Patch 10 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Database Agent Packages Released with v14.4 Patch 100 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 26
Agent Installation Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
Agent Memory Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 30
Agent Disk Space Requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Platform Specific Notes for the SecureSphere Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31
Special Considerations for Certain Linux Platforms . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
SecureSphere Agents on Microsoft Windows . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
SecureSphere Agents on Ubuntu . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Installing SecureSphere Agents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 32
Installing and Upgrading SecureSphere Agents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
Required Permissions for Agent Installation/Configuration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
SecureSphere Agent Package . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
Upgrading SecureSphere Agents . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33
After Installing the SecureSphere Agent . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 34
AIX Post Installation Information . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Locally Caching Monitored Traffic . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35

Contents
Open Issues with Imperva Data Protection Agent - v14.4 Patch 120 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 35
Agent Patch Bug Fixes . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 48
Fixed Issues with Imperva Data Protection Agent - v14.4 Patch 120 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 49
Fixed Issues with Imperva Data Protection Agent - v14.4 Patch 90 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 52
Fixed Issues with Imperva Data Protection Agent - v14.1 GA . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 61
Proprietary Rights Notice . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 64

Data Protection Agent Release Notes

Welcome to the Data Protection Agent Release Notes. What would you like to read about:
• Features Released with Agent v14.1

• Features Released with Agent v14.4
• Database Support - Data Security Coverage Tool
• SecureSphere Agent Installation Files
• Agent Installation Requirements
• Installing SecureSphere Agents
• Open Issues with Imperva Data Protection Agent - v14.4 Patch 120
• Agent Patch Bug Fixes
Features Released with Agent v14.1

GA - Release Date March 24, 2019
Agents for Data Protection (formerly SecureSphere) now support the following:
• Kernel System Capping: Data Protection Agents now allow users to define CPU capping for the entire system or
for the Kernel. Capping will occur when the indicated item (system or Kernel) hits the designated threshold
• Oracle v12.2 Sharding: Data Protection Agents now support Oracle v12.2 Sharding, supporting the use of a
pool of databases that don't share hardware or software but are presented as a single entity
• Oracle User Space Agents for SUSE v12: Data Protection Agents now support Oracle Databases operating in
the SUSE v12 user space. This significantly reduces the need to upgrade agents when the underlying operating
system’s kernel is updated and creates a more stable operating environment
• MS SQL Server Advanced Mode Blocking: Data Protection Agents now support blocking for MS SQL Servers
operating with Advanced-Mode encryption while the agent is in sniffing mode
• Oracle Enterprise Linux (OEL) 6: Data Protection Big Data Agents now support Oracle Enterprise Linux (OEL) 6
Operating System
• Solaris 11.4: Data Protection Agents now support the Solaris 11.4 Operating System
• Data Security Coverage Tool: Imperva’s new interactive coverage tool allows you to view every certified
combination of database and operating system supported by Imperva’s Data Security suite. The tool provides
the required Agent version, and also the supporting versions of the Management Server, Gateway, Data Risk
Analytics and the underlying platforms on which they can be deployed, On-Premises or in the cloud. This allows
planning in advance operational activities including database and OS upgrades, while making sure databases
stays both secure and compliant to the various applicable regulations. The tool is available at
https://www.imperva.com/data-security-coverage-tool/
Coverage: Data Protection Agents can now be used on the following databases:
• Maria DB 10.3
• Cloudera 6.1
• Hortonworks 3.0 - 3.1
• DataStax Cassandra 6.7

Bug fixes - Fixed Issues with Imperva Data Protection Agent - v14.1 GA
Patch 20 Additions - Release Date May 26, 2019
• MySQL, PostgreSQL and MariaDB User Space: Data Protection Agents now support MySQL, PostgreSQL and
MariaDB databases operating in the SUSE v12 and OEL-7-UEK user spaces
• Oracle User Space Agents for OEL-6-UEK and OEL-7-UEK: Data Protection Agents now support Oracle
databases operating in the OEL-6-UEK and OEL-7-UEK user spaces
Bug fixes - Fixed Issues with Imperva Data Protection Agent - v14.1 Patch 20
Features Released with Agent v14.4

GA - Patch 10 Release Date: June 22, 2020
• MSSQL 2019 (on Windows and Linux)

• MongoDB 4.2
• Cloudera CDH 6.3
SUSE Enterprise Linux Server 15 SPS 0,1: Data Protection Agents for Database now support SUSE Enterprise Linux
Server 15 with Service Packs 0 and 1
RHEL 8, Centos 8 and OEL 8: Data Protection Agents for Database now support RHEL 8, Centos 8 and OEL 8
Bug fixes - see Fixed Issues with Imperva Data Protection Agent - v14.4 Patch 10
Patch 20- Release Date: August 17, 2020
Bug fixes only - see Fixed Issues with Imperva Data Protection Agent - v14.4 Patch 20
Patch 30- Release Date: October 19, 2020
Patch 40 Additions - Release Date December 21, 2020
Alarm for Memory Overrun: Data Protection Agents now send a system event when the available memory of the server
is too low
Short Block for Username from Agent: Data Protection Agents now support short user block and long user block as a
followed action in sniffing blocking mode, when Advanced Monitoring Mode is enabled on MSSQL over Windows
Notification for Agent Audit Loss on MongoDB: Data Protection agents for Big Data now send a system event when the
audit loss ratio for MongoDB is too high
Performance Improvements in MongoDB: Data Protection Agents for Big Data can now handle higher loads of traffic.
PostgreSQL over Redhat7, Power PC: Data Protection Agents now support PostgreSQL over Redhat7 on PowerPC

Teradata over SUSE 12: Data Protection Agents now support Teradata over SUSE 12
• DSE Cassandra 6.8

• Mongo 4.4
Patch 50 Additions - Release Date January 18, 2021
Support Oracle ASO for DB in Solaris 11 Sparc local zone: Data Protection Agents now support Oracle ASO even if
Oracle is installed on a local zone.
Unsupported ciphers ECDHE for Database SSL traffic: Data Protection Agents for Linux now support Oracle ASO even if
the native SSL is enabled as well.
Sybase and Greenplum in Linux: Data Protection Agents now monitor Sybase and Greenplum over Linux in the user
space.
Coverage
• SAP-HANA 2.0 SPS5
Patch 60 Additions - Release Date February 15, 2021
Oracle Enterprise Linux (OEL): Data Protection Agents now support Oracle Enterprise Linux (OEL) 8 Operating System
SUSE Enterprise Linux Server 15 SP 2: Data Protection Agents now support SUSE Enterprise Linux Server 15 with
Service Pack 2
Sybase IQ in Linux: Data Protection Agents now monitor the Sybase IQ database over Linux in the user space (except in
OEL 8)
Patch 70 Additions - Release Date March 16, 2021
Patch 80 Additions - Release Date May 19, 2021
Diffie Hellman support for MySQL 8.0: Data Protection Agents now support Diffie Hellman with MySQL 8.0 Databases.
Note: This feature is available with DAM Gateways v14.5 and newer
Enhanced SSL Diffie Hellman Support for Traffic over AIX: Data Protection Agents now offer additional support for
Oracle traffic over SSL connections that are using Diffie Hellman encryption when running over AIX.
• MongoDB support for RHEL 7 for PowerPC

• Big Data on RHEL 8
Patch 90- Release Date: June 21, 2021
Patch 100- Release Date: September 12, 2021
Diffie-Hellman Support for Postgres: DAM now supports Diffie-Hellman for Postgres. This eliminates the needs to
upload certificates for DAM deployments monitoring traffic for Postgres.
Patch 101- Release Date: September 26, 2021
Support ASO on Oracle 19.12: Data Protection Agents now support ASO on Oracle 19.12.
Patch 110- Release Date: October 18, 2021
Cloudera 7.1.6: Data Protection Agents can now be used on Cloudera 7.1.6.
Patch 120- Release Date: November 15, 2021
User Space agent for Secure Boot Servers: Imperva Data Protection Agents can now be used to audit in the user space
on systems using Secure Boot without having to enroll the Imperva Public Key.
• SUSE 15 SP 3
• PostgreSQL 13
Database Support - Data Security Coverage Tool

Imperva database coverage is now available through the Imperva Data Security Coverage Tool, a dynamic intuitive and
easy to use interface that helps you identify coverage requirements for your agent deployment.
The tool lists supported coverage for all Imperva database products (DAM, DRA, Sonar).
See the tool at https://www.imperva.com/data-security-coverage-tool/
Using the tool is simple:

• Click an item, for example Database Cloudera Hadoop (CDH) 6.2; all supported environment variables become
highlighted
• Scroll down the page to see those variables such as Agent version, MX and Gateway version, supported
hypervisor and cloud platforms, etc.
Note: The Data Security Coverage Tool is replacing the database and OS coverage tables in the
Release Notes, those tables are no longer available.
SecureSphere Agent Installation Files

This section reviews topics related to the SecureSphere Agent installation files and includes the following:
• Note on Agent Package Numbers

• Determining Which non-Windows SecureSphere Agent Package to Install
• Database Agent Package Installation File Names

Note on Agent Package Numbers

Starting with v13.0, Agent version build numbers (all digits that appear in the last part of the version string) are composed
of six numbers, they were previously composed of four numbers. This change has no impact on operation.
Determining Which non-Windows SecureSphere Agent Package to Install
Note: This section is not relevant to Windows SecureSphere Agents, because there is only one
installation package for all supported versions of Windows.
To determine which non-Windows SecureSphere Agent package to download and install, see SecureSphere Agent
Package.
Alternatively, you can use the which_ragent_package_xxxx.sh script (where xxxx is the version number of the script).
The script is available at Imperva Customer Portal: click Downloads, then navigate to /Downloads/
SecureSphere_Agents/Misc/.
The script should be run on the database server and takes a single parameter,
-v
, the SecureSphere Agent version number you want to install.
For example:
[root@agents-system tmp]# ./which_ragent_package_[version].sh -v 14.0
This means that you want the script to return the name of the SecureSphere Agent version 14 package for the platform on
which the script is run.
The script returns the OS, OS version, platform, kernel version and the name of the SecureSphere Agent package you
should download and install.
The following is an example of the output. Real output will reflect the current version.
[root@prod-rhel6-64-smp ~]# ./which_ragent_package_0157.sh -v 13.0
OS: RHEL
Version: 6
Platform: x86_64

Kernel: SMP
Latest DAM Agent package is: Imperva-ragent-RHEL-v6-kSMP-px86_64-b13.3.0.10.0.55114

8.tar.gz
Latest Big Data Agent package is: Imperva-ragent-bigdata-RHEL-v6-kSMP-px86_64-b1

3.3.0.10.0.551148.tar.gz
The above is a recommendation only. It is not a guarantee of agent support.
For an official list of agent packages and their supported platforms, please see th
e latest SecureSphere Agent Release Notes.
*** Please verify that you run the latest version of which_ragent_package available
at https://ftp-us.imperva.com ***
Notes:
• For servers that can host both regular and Big Data Agents, output includes the requisite
package for both scenarios, as seen in the above example.
• Always download the latest version of the which_ragent_package_xxxx.sh before using it,
otherwise it may point you to an out-of-date Imperva Agent package.
• Before downloading the Imperva Agent package, verify that the script has correctly identified
your OS, OS version, platform and kernel version.
Database Agent Package Installation File Names

The installation package is used to install the SecureSphere Agent.
• For a list of standard agents for Database, see:

• Database Agent Packages Released with v14.6 Patch 130
The SecureSphere Agent’s build number is embedded in the name of the installation file.

Notes:
• The SecureSphere Agent for DB2 z/OS installation files and procedure are given in the
Imperva Administration Guide.
• Other SecureSphere Agents are available in this release only for the OS Versions listed in the
table below.
For minimum SecureSphere Agent disk space and memory requirements, see Agent Installation Requirements. Once the
SecureSphere Agent begins to monitor traffic, it requires additional memory and disk space, depending on the volume of
monitored traffic. For additional information, see the "SecureSphere Agents" chapter in the relevant product's User
Guide, under the Advanced Configuration section of the Settings tab.
Database and File Agent Packages Released with v14.1
OS / Version Installation File Name
Note: All platforms listed below additionally support patches installed on the listed versions.
Unix-based Agents
AIX
AIX 7.1 64-bit Imperva-ragent-AIX-v71-ppowerpc64-b14.1.0.10.0.562096.tar.gz
HP-UX
HP-UX B11.31 Itanium Imperva-ragent-HPUX-v11.31-pia64-b14.1.0.10.0.562096.tar.gz
HP-UX B11.31 PA-RISC Imperva-ragent-HPUX-v11.31-phppa-b14.1.0.10.0.562096.tar.gz

OEL
Note: These agents require downloading both the installation file listed here and the kabi_<n>.txt file. For more
information, see Special Considerations for Certain Linux Platforms.
OEL 5 UEK 1 64-bit (2.6.32-100.26.2) Imperva-ragent-OEL-v5-kUEK-v1-ik1-px86_64-b14.1.0.10.0.562096.tar.gz
OEL 5 UEK 1 64-bit (2.6.32-300.7.1 to

Imperva-ragent-OEL-v5-kUEK-v1-ik2-px86_64-b14.1.0.10.0.562096.tar.gz
2.6.32-300.39.2)
OEL 5 UEK 1 64-bit (2.6.32-400.21.1) Imperva-ragent-OEL-v5-kUEK-v1-ik3-px86_64-b14.1.0.10.0.562096.tar.gz
OEL 5 UEK 1 64-bit (2.6.32-400.23 to

the latest version of 2.6.32-400 UEK Imperva-ragent-OEL-v5-kUEK-v1-ik4-px86_64-b14.1.0.10.0.562096.tar.gz
kernel series supported by Oracle)
OEL 5 UEK 2 64-bit (2.6.39-400.17.1 to

the latest version of 2.6.39-400 UEK Imperva-ragent-OEL-v5-kUEK-v2-px86_64-b14.1.0.10.0.562096.tar.gz
OEL 6 UEK 2 64-bit (2.6.39-400.17.1 to

OEL 6 UEK 3 64-bit (3.8.13-16 to the

latest version of 3.8.13 UEK kernel Imperva-ragent-OEL-v6-kUEK-v3-px86_64-b14.1.0.10.0.562096.tar.gz
series supported by Oracle)
OEL 6 UEK 4 64-bit (4.1.12-32.1.2 to the


OEL 6 64-bit BigData Imperva-ragent-bigdata-RHEL-v6-kSMP-px86_64-b14.1.0.10.0.562096.tar.gz
OEL 7 UEK 3 64-bit (3.8.13-35.3.1 to the

OEL 7 UEK 4 64-bit (4.1.12-32.1.2 to the

Red Hat (includes Oracle Linux and

CentOS)
RHEL 5 32-bit PAE Imperva-ragent-RHEL-v5-kPAE-pi386-b14.1.0.10.0.562096.tar.gz
RHEL 5 32-bit SMP Imperva-ragent-RHEL-v5-kSMP-pi386-b14.1.0.10.0.562096.tar.gz
RHEL 5 64-bit SMP Imperva-ragent-RHEL-v5-kSMP-px86_64-b14.1.0.10.0.562096.tar.gz
RHEL 5 64-bit XEN Imperva-ragent-RHEL-v5-kXEN-px86_64-b14.1.0.10.0.562096.tar.gz
RHEL 6 32-bit SMP Imperva-ragent-RHEL-v6-kSMP-pi386-b14.1.0.10.0.562096.tar.gz
RHEL 6 64-bit SMP BigData Imperva-ragent-bigdata-RHEL-v6-kSMP-px86_64-b14.1.0.10.0.562096.tar.gz

Solaris
Sun 5.10 SPARC Imperva-ragent-SunOS-v5.10-psparcv9-b14.1.0.10.0.562096.tar.gz
Sun 5.10 x86 64-bit Imperva-ragent-SunOS-v5.10-px86_64-b14.1.0.10.0.562096.tar.gz
SUSE
Imperva-ragent-TD-SLE-v10SP3-kTD-px86_64-b14.1.0.10.0.562096.tar.gz
SUSE 10 64bit SP3 for Teradata
(2.6.16.60-0.91.TDC.1.R.0 to
Note: Due to technical issues. This package was removed from the FTP. A new
2.6.16.60-0.9999.TDC.1.R.0)
package for this version will be released in an upcoming patch.
SUSE 11 64-bit SP4 Imperva-ragent-SLE-v11SP4-kSMP-px86_64-b14.1.0.10.0.562096.tar.gz

This agent is not available in v14.1.
(2.6.32.54-0.23.TDC.1.R.2)

(2.6.32.54-0.35.TDC.1.R.1 to This agent is not available in v14.1.
2.6.32.54-0.9999.TDC.1.R.1)

Imperva-ragent-TD-SLE-v11SP3-kTD-px86_64-b14.1.0.10.0.562096.tar.gz
(3.0.101-0.101.TDC.1.R.0 to
Note: Due to technical issues. This package was removed from the FTP. A new
3.0.101-0.9999.TDC.1.R.0)
package for this version will be released in an upcoming patch.
Ubuntu
Ubuntu 14.04 (4.2.0-27 and 4.4.0-34

Imperva-ragent-UBN-v14-kUBN-px86_64-b14.1.0.10.0.562096.tar.gz
and 4.4.0-112)
Ubuntu 16.04+ Imperva-ragent-UBN-px86_64-b14.1.0.10.0.562096.tar.gz
Windows-based Agents
For more information on Windows platforms that are supported by the Imperva agent, see the Imperva on-Premises
Release Notes.
Windows Imperva-ragent-Windows-b14.1.0.10.0.562097.zip
Database and File Agent Packages Released with v14.1 Patch 20

Unix-based Agents
OEL
OEL 6 UEK 2 64-bit (2.6.39-400.17.1 to

OEL 6 UEK 3 64-bit (3.8.13-16 to the

OEL 6 UEK 4 64-bit (4.1.12-32.1.2 to the

OEL 7 UEK 3 64-bit (3.8.13-35.3.1 to the

OEL 7 UEK 4 64-bit (4.1.12-32.1.2 to the

OEL 6 64-bit BigData Imperva-ragent-bigdata-RHEL-v6-kSMP-px86_64-b14.1.0.20.0.569078.tar.gz

CentOS)

SUSE
Database Agent Packages Released with v14.4 Patch 10
Unix-based Agents

CentOS)
RHEL 6 64-bit SMP BigData

Imperva-ragent-bigdata-RHEL-v6-kSMP-px86_64-b14.4.0.10.0.589966.tar.gz
(4.1.12-32.1.2 to 4.1.12)

SUSE
SUSE 12 64-bit Imperva-ragent-SLE-v12-kSMP-px86_64-b14.4.0.10.0.589965.tar.gz
Note: This version of the Windows-based agent does not support FAM.
Windows
Imperva-ragent-Windows-b14.4.0.10.0.590285.zip
Unix-based Agents

OEL
OEL 7 UEK 6 64-bit (5.4.17-2011.2.2 to

the latest version of 5.4.17 UEK kernel Imperva-ragent-OEL-v7-kUEK-v6-px86_64-b14.4.0.20.0.596369.tar.gz

CentOS)
RHEL 6 64-bit SMP BigData (3.8.13-16

Imperva-ragent-bigdata-RHEL-v6-kSMP-px86_64-b14.4.0.20.0.596391.tar.gz
to 3.8.13)
Unix-based Agents

OEL
OEL 7 UEK 5 64-bit (4.14.35-1818 to the


CentOS)
Unix-based Agents

CentOS)

SUSE
SUSE 64bit for Teradata Imperva-ragent-TD-SLE-px86_64-b14.4.0.40.0.606176.tar.gz

CentOS)
Solaris

Unix-based Agents
OEL
OEL 8 UEK 6 64-bit (5.4.17-2011.2.2 to

the latest version of 5.4.17 UEK kernel Imperva-ragent-OEL-v8-kUEK-v6-px86_64-b14.4.0.60.0.608806.tar.gz
SUSE

Unix-based Agents
OEL
OEL 7 UEK 3 64-bit (3.8.13-35.3.1 to the

OEL 7 UEK 4 64-bit (4.1.12-32.1.2 to

4.1.12 UEK kernel series supported by Imperva-ragent-OEL-v7-kUEK-v4-px86_64-b14.4.0.70.0.610252.tar.gz
Oracle)
OEL 7 UEK 5 64-bit (4.14.35-1818 to the

OEL 7 UEK 6 64-bit (5.4.17-2011.2.2 to

Imperva-ragent-OEL-v7-kUEK-v6-px86_64-b14.4.0.70.0.610252.tar.gz
the latest version of 5.4.17 UEK kernel

series supported by Oracle
For more information on Windows platforms that are supported by the Imperva agent, see the Imperva on-Premises
Release Notes.
Unix-based Agents
AIX
Imperva-ragent-AIX-v72-ppowerpc64-b14.4.0.80.0.613296.tar.gz
AIX 7.2 64-bit

CentOS)

RHEL 7 & 8 64-bit SMP BigData Imperva-ragent-bigdata-RHEL-kSMP-px86_64-b14.4.0.80.0.613303.tar.gz
RHEL 7 64-bit SMP BigData PowerPC LE Imperva-ragent-bigdata-RHEL-kSMP-pppc64le-b14.4.0.80.0.613303.tar.gz
Unix-based Agents

CentOS)
Solaris

Ubuntu
Ubuntu 16.04+ Imperva-ragent-UBN-px86_64-b14.4.0.90.0.614557.tar.gz
V14.4 Patch 100 Agent Packages September 12, 2021
OEL
OEL 6 UEK 2 64-bit (2.6.39-400.17.1 to

OEL 6 UEK 3 64-bit (3.8.13-16 to the

OEL 6 UEK 4 64-bit (4.1.12-32.1.2 to the


CentOS)
RHEL 7 64-bit SMP PowerPC LE Imperva-ragent-RHEL-v7-kSMP-pppc64le-b14.4.0.100.0.617018.tar.gz

CentOS)

Unix-based Agents
AIX

CentOS
RHEL 64-bit SMP BigData Imperva-ragent-bigdata-RHEL-kSMP-px86_64-b14.4.0.110.0.618270.tar.gz
RHEL 64-bit SMP BigData PowerPC LE Imperva-ragent-bigdata-RHEL-kSMP-pppc64le-b14.4.0.110.0.618270.tar.gz
RHEL 7 64-bit SMP PowerPC LE Imperva-ragent-RHEL-v7-kSMP-pppc64le-b14.4.0.110.0.618268.tar.gz
Solaris

OEL
OEL 7 UEK 3 64-bit (3.8.13-35.3.1 to the

latest version of 3.8.13 UEK kernel series Imperva-ragent-OEL-v7-kUEK-v3-px86_64-b14.4.0.120.0.619224.tar.gz
supported by Oracle)
OEL 7 UEK 4 64-bit (4.1.12-32.1.2 to the

OEL 7 UEK 5 64-bit (4.14.35-1818 to the

OEL 7 UEK 6 64-bit (5.4.17-2011.2.2 to the


SUSE
Agent Installation Requirements

This section reviews SecureSphere Agent installation requirements, including the following:
• Agent Memory Requirements

• Agent Disk Space Requirements
• Platform Specific Notes for the SecureSphere Agent
Agent Memory Requirements

The SecureSphere Agent requires memory for operation based on different factors. The following lists the amount of
memory that is required for operation based on the number of CPU cores:
Name Windows Linux/Unix
1-32 cores 300MB 360MB
32-128 cores 500MB 660MB
>128 cores 2GB 2GB

Agent Disk Space Requirements

The SecureSphere Agent uses up to 500 MB of database server disk space for its normal operation, logging, storing
configuration, and more. In addition, to ensure audit information is preserved in the event of network problems, the
SecureSphere Agent reserves 8 GB of database server disk space by default. You can change the amount of disk space
being reserved, as well as the location where this information is saved. For information on how to change this value, see
the article Agents - Modifying the PCAP quota created on the Database.
Diskspace Requirements
Operation AIX Solaris Linux Windows
Normal operation, logging, storing

configuration, and more (Installation 500 MB 500 MB 500 MB 500 MB
folder)
Ensure audit information is preserved

8 GB 8 GB 8 GB 8 GB
in the event of network problems
Required when Upgrading Agents* 750 MB 1500 MB 250 MB 300 MB
*Disk space allocation used when upgrading is divided between the tmp folder and Agent folder. For more information
see the following article titled What is the minimum disk space requirement to install DB agent on both Windows and *nix
platforms?.
Platform Specific Notes for the SecureSphere Agent

This section reviews platform specific information for SecureSphere Agents.
Note: The topics in this section explicitly related to standard SecureSphere Agents, they are not
relevant for SecureSphere Agent for Big Data.
This section reviews the following:

• Special Considerations for Certain Linux Platforms

• SecureSphere Agents on Microsoft Windows
• SecureSphere Agents on Ubuntu
Special Considerations for Certain Linux Platforms
Some Linux platforms maintain several versions of their OS, and service packs for each version. Additionally, SUSE,
Teradata, and OEL UEK, periodically release updates to service packs, which sometimes include updated versions of the
kernel.
As such, there are a number of items that should be taken into account and understood before installing Imperva Data
Security Agents on these Operating Systems. For more information, see:
• Obtaining the Latest Version of the SecureSphere Agent

• Verifying Prerequisites for non-Windows Agents
in the DAM Administration Guide.
SecureSphere Agents on Microsoft Windows
When working with the SecureSphere Agent on Microsoft Windows 2008 and newer, Base Filtering Engine (BFE) service
must be enabled on the database server. For more information, see Microsoft Windows documentation.
SecureSphere Agents on Ubuntu
Please note the following considerations for the SecureSphere Agent when installed on Ubuntu:
• The installation folder for the SecureSphere Agent on Ubuntu is /usr/imperva and cannot be modified.
• Databases that support the SecureSphere Agent on Ubuntu include Postgre SQL and MySQL.
Installing SecureSphere Agents

This section reviews topics related to the installing of SecureSphere Agents and includes the following:
• Installing and Upgrading SecureSphere Agents

• Required Permissions for Agent Installation/Configuration
• SecureSphere Agent Package
• Upgrading SecureSphere Agents
• After Installing the SecureSphere Agent

Installing and Upgrading SecureSphere Agents

Before downloading the SecureSphere Agent installation file(s), please read carefully the "Installing SecureSphere
Agents" chapter in the Imperva Administration Guide.
Notes:
• To understand which Agent versions work with which Gateway versions, refer to the Data
Security Coverage Tool at https://www.imperva.com/data-security-coverage-tool/ before
upgrading your Agents.
• In Unix and Unix-like systems, the bash shell must be available before installing the
SecureSphere Agent.
Required Permissions for Agent Installation/Configuration

To install and configure agents, you require administrator privileges. To run with administrator privileges:
• In Windows: Open the Windows Start Menu, search for ‘cmd,’ then right-click cmd.exe and select "Run as
administrator." In command window, navigate to location of installation package and run as required.
• In Unix/Linux: Run as root user (uid=0)
SecureSphere Agent Package

Imperva supports downloading and deploying agents from the Software Updates screen in the Management Server GUI.
The agent is provided as a compressed file (.tar.gz for Unix, .zip for Windows), which includes a number of other files.
The content of the compressed file include:
• An installation file for the SecureSphere Agent. This file is a .bsx for Unix or .msi for Windows and its name
contains the string ragent.
• An installation file for the SecureSphere Agent Installation Manager. This file is a .bsx for Unix or .msi for
Windows and its name contains the string ragentinstaller.
• An installation batch file (install.sh). This file is only part of the Unix installation package. It is not included with
the Windows installation package.
• A readme file.
• A file with the suffix "metadata" which is used by the agent installation manager.

Upgrading SecureSphere Agents

Note: For information on upgrading SecureSphere Agent via Software Update see the Administration Guide.
In Windows, install the SecureSphere Agent and if there is an existing SecureSphere Agent installed, it will be upgraded. In
Unix, use the -u parameter in the installation command.
Notes:
• In both Windows and Unix, there is no need to re-register an upgraded SecureSphere Agent.
• When upgrading SecureSphere Agent's for AIX, you need to restart the database after agent upgrade is
complete.
To upgrade a Unix Agent to v14.4:
1. Download the new agent package.

◦ To determine what installation package you need to download, see Determining Which non-Windows
SecureSphere Agent Package to Install
◦ For a list of available agent package file names, see SecureSphere Agent Package Installation File
Names
2. Untar (uncompress) the agent package as follows:
cd <folder>
gunzip <filename>.tar.gz | xargs tar xvf <agent-tar-filename>
3. Install the new SecureSphere Agent using the following upgrade parameters:
./install.sh
Note: If installing or upgrading on SUSE or UEK systems, you need to add the following to the above command:
-k kabi_<n>.txt
Example:
./Imperva-ragent-OEL-v7-kUEK-v5-px86_64-b14.6.0.120.0.643876.bsx -u -k kabi_0
081.txt
For more information on using this command see the Imperva Admin Guide.
To upgrade a Windows agent to v14.4:
1. Download and unzip the new agent package file (.zip).

2. Double-click the file named Imperva-ragent-Windows-<fileversion>.msi, the agent is upgraded.
3. Install the installation manager: Double-click the file named Imperva-ragentinstaller-Windows-
<fileversion>.msi, the agent installation manager is installed. Note: this step is only relevant when installing
with a management server version 10.5 or newer.

After Installing the SecureSphere Agent

The following topics review important post installation information for the SecureSphere Agent:
• AIX Post Installation Information

• Locally Caching Monitored Traffic
AIX Post Installation Information
If you have installed the SecureSphere Agent on a machine on which no SecureSphere Agent was previously installed,
then:
• You must restart all database instances and processes after the first time you start the SecureSphere Agent. For
example, in Oracle, the main listener process “tnslsnr” should also be restarted.
• If you want to enable the source IP address feature, you must restart the login servers (SSH, Telnet, Rlogin) after
the first time you start the SecureSphere Agent.
There is no need to reboot the server.
Locally Caching Monitored Traffic
When the SecureSphere Agent is unable to send database traffic to the Gateway (for example, if the communication link
to the Gateway is down) it stores the data to disk until such time as the data can be sent to the Gateway. Parameters
controlling the location and size of these disk files can be configured in the Advanced Configuration section of the
SecureSphere Agent’s Settings tab. For more information, see the Settings Tab - Database Settings Section topic DAM
User Guide.
Open Issues with Imperva Data Protection Agent - v14.4 Patch

120
ID Agent OS Agent DB/Product Description
On AIX, in order to audit correctly the remote user of local

connections, processes which handle remote login (such
AGNT-10788 AIX All Databases
as sshd and telnet) must be restarted after the agent
installation.

'User name' is not part of the process argument, and

therefore cannot be excluded as part of the 'argument' in
the process details criteria. Workaround: use the 'user
name' field instead of the 'process argument' field.
When monitoring Informix SHM, audit data may be

AGNT-7249 AIX Informix
missing for large responses.
In AIX 7.1, in rare cases, when monitoring Informix SHM

AGNT-7513 AIX Informix large responses, part of the response is missing in the
audit.
Traffic might not be audited for local connections for

Informix v10.
When Oracle DB is configured in 'shared mode' there is no

AGNT-10796 AIX Oracle
audit.
The Exclude operation doesn't work with agent and

gateway combined criteria with BEQ connections.
Watchdog/InjectionManager/crashes counter might

increase due to early wakeup of Injection manager.
In rare cases there is no audit in open mode ASO

connections.
AGNT-8223 AIX Oracle Audit loss of up to 0.3% of the traffic was encountered.
AGNT-8446 AIX Oracle Limitation: ASO is not supported on AIX WPAR.
AGNT-9353 AIX Oracle Open mode ASO connections are not being monitored

after Agent upgrade or after uninstalling and then

installing a different Agent version.
Only 126 ASO connections out of 200 that are opened

concurrently are monitored.
If ASO interception is disabled in the Agent, and there are

AGNT-10234 AIX, Linux, Solaris Oracle ASO connections in the Database, alarm won't be
generated until a new ASO connection starts.
If the RemoteAgent listener in the Imperva Gateway is

changed from non SSL to SSL, the Imperva Agents
AGNT-10194 All All Databases registered to this Gateway will no longer be able to
communicate with the gateway. Workaround: re-register
relevant Imperva Agents.
On rare occasions, when unregistering an Agent from the

gateway that was in 'full-trust' trust mode, and then
AGNT-10206 All All Databases registering it without trust enabled, the agent will not be
able to start. Workaround: uninstall and reinstall the
agent.
Combining two or more monitoring rules, with some of

AGNT-10228 All All Databases them Agent criteria and others gateway criteria does not
work properly.
The equals sign (=) is not supported for the password of

the Imperva user when registering agent to the gateway
AGNT-10281 All All Databases
using command line. Using the equals sign in the
password when registering from the CLI works.
The Imperva Agent cannot be installed in a root directory

(C:\ for example), but only in a subfolder.
AGNT-6402 All All Databases On rare occasions, Time Of Day exclusions do not work.

After gateway restart, wrong event capture time is

reported for logout operations.
In cases when the system parameter max_pid was

modified after ragent was loaded, some audit will be lost.
During agent move, Agent status might temporarily

AGNT-8151 All All Databases change to Running With Errors 'Data connection to
gateway has been lost'.
Agent and gateway cannot communicate when the

AGNT-8268 All All Databases gateway is configured as Reverse Proxy and to accept only
ECDH ciphers.
During an automatic agent move, the agent's status might

temporarily change to "Bad Connectivity."
When the agent is disconnected from the Gateway, audit

loss may occur.
In cases where the server had no free disk space, after

AGNT-8558 All All Databases freeing some space the RACLI interface may show errors.
Agent stop/start via the Agent CLI may resolve the issue.
On rare occasions, the Remote Agent process crashes

during shutdown.
After re-registering the agent to a different MX, the

hostname might not be correctly reflected in the MX.
When installing the SecureSphere Agent Installation

AGNT-8981 All All Databases Manager only, users cannot change the path of the
download directory in the MX GUI.

Advanced configuration of "kernel-max-pid" and of

"kernel-max-pid-limit" will not affect the agent if their
value is higher than maximum number of process defined
in the operating system.
Agent crashes when enabling "send-ack" configuration

AGNT-9151 All All Databases from additional-configuration. Workaround: disable
configuration.
In rare cases the agent may fail to get a valid certificate

when starting trust migration.
Remote Agent CTRL process uses high CPU when setup

has trust and gateway cluster.
In rare scenarios, agent log files can take more disk space
than defined.
Using the Dbeaver client, when setting inline sniffing and

the followed action after blocking is IP/User block the
Dbeaver may accept few more queries until blocking is
AGNT-11524 All All RDBMS Databases
applied. This could happen when the Dbeaver opens
more than 1 connection to the Server and each open
connection will accept one query before being blocked.
AGNT-11565 All DB2 All Import/export were not audited in DB2.
When monitoring DB2 Shared memory connections, the

AGNT-7232 All DB2 All
response size in audit appears as 0.
When configuring Traffic Monitoring Rule with Process

AGNT-7272 All Informix details - Agent criteria, and using the arguments
parameter, the character @ is not supported.

"An active shared server has been detected" alert could

AGNT-10844 All Oracle
appear even though Oracle is not in shared server mode.
AGNT-11507 All PostgreSQL Import/export were not audited in PostgreSql.
SecureSphere doesn't audit activity that takes place in

AGNT-9919 All Progress shared memory, for example activity of the Progress
Openedge utility.
On rare occasions, when there are issues with the rpm

AGNT-10315 Linux All Databases
database, the agent can cause performance degradation.
Large responses are sometime not audited if the database

is monitored in the user-space.
Changing the ragent installation directory while

AGNT-10072 Linux All RDBMS Databases upgrading ragent version may cause audit loss until next
database restart.
If Data Interface discovery is disabled, there is no audit for

AGNT-10128 Linux All RDBMS Databases
MsSQL on Linux and Teradata version 16.1 and up.
User space monitoring will not work when the agent

AGNT-10195 Linux All RDBMS Databases
installation directory is larger than 75 characters.
Audit loss may be experienced with connections that are

AGNT-10705 Linux All RDBMS Databases opened shortly (seconds) after database restart when
user-space interception is active.
AGNT-12838 Linux Cloudera Impala Impala failed login is not captured in MX.
AGNT-12054 Linux DataStax Cassandra The DataBase field in MX audit data might be incorrect

when running commands without explicitly specifying the

relevant keyspace.
Create Function statements might not be displayed in MX

AGNT-12102 Linux DataStax Cassandra
audit.
After agent restart, audit of few transactions might be

AGNT-11743 Linux DB2 for LUW
lost.
"Object" column in audit for "db.collection.copyTo()"

AGNT-11747 Linux MongoDB command shows the database name instead of the
collection name.
"Object" column in audit is empty for commands

AGNT-11748 Linux MongoDB adb.testData.storageSize(), db.testData.totalIndexSize()
and db.testData.totalSize().
Audit events may be reported on a user that failed to

AGNT-11791 Linux MongoDB
authenticate to the database.
Connections that are established just after the database

AGNT-10127 Linux MSSQL
starts might be audited as a 'connected user.'
AGNT-11757 Linux MSSQL No audit is available for IPC connections.
MySQL upgrade fails with errors in collector log starting

with [ERROR]UnifiedLogsPeriodicThread.cpp:218 Cant
AGNT-11641 Linux MySQL open dir for scan. Workaround is available in the
customer knowledgebase at https://docs.imperva.com/
howto/6be1fc2c
When inline mode is configured, ASO shared mode results

AGNT-10561 Linux Oracle
in a connection delay.

SQL exception is not detected for non-existing table on

Diffie Hellman open mode connections.
Oracle Recovery Manager (RMAN) jobs might get stuck

AGNT-11324 Linux Oracle when agent is active and ASO Monitoring is enabled in the
agent.
On rare occasions, logout notification missing for tcp

AGNT-11654 Linux, Unix Oracle
connections of DB2.
When an Agent reconnects to the gateway, some of the

AGNT-11851 Linux, Windows All Databases traffic audit that was intercepted during the
disconnection time might be lost.
Missing audit may be encountered when a query

command hasn't fetched all the data that the query
OEL (non-UEK), Cloudera Hive,
AGNT-11581 returned, e.g., when using Hue UI, the fetches are done in
OEL-UEK, RHEL Hortonworks Hive
chunks of 1000 rows and the next fetch is done when the
user scrolls down the UI.
Vendor Meltdown patches for RHELv7 and for RHELv6

AGNT-9964 RHEL All Databases operating systems cause the SecureSphere Agent to fail
during start.
When performing an operation in HDFS through REST API,

Cloudera HDFS,
AGNT-10655 RHEL the source IP in MX audit is always be the local IP of the
Hortonworks HDFS
server.
AGNT-10006 RHEL Cloudera Impala A few types of SQL exceptions are not reported in Impala.
SecureSphere Agent does not support authentication in

AGNT-10328 RHEL MongoDB
MongoDB client versions older than 3.0.

When working with Diffie Hellman on Postgres on RHEL 8,

AGNT-12787 RHEL PostgreSQL audit for connections that were opened when the agent
was down won't be seen.
When running GTI on Solaris 10, the error message "ln:

AGNT-7856 Solaris All Databases
cannot create [...]: File exists" may appear.
If Oracle is configured to work in shared-server-mode,

AGNT-10042 Solaris Oracle
Diffie-Hellman connections will not be monitored.
When upgrade from v13.0 to v13.1 or later, open mode

AGNT-10249 Solaris Oracle connections won't be audited. Workaround: Restart the
Database after the upgrade.
'Source of activity' field mistakenly displays 'remote' for

local connection on Solaris global zone.
GTI doesn't collect ASO logs when "shared" folder is

defined in non default location.
When 200 simultaneous ASO connections are open, some

are not being monitored.
When the Oracle database is installed on a Solaris zone

which isn't Global and the Agent ASO is enabled, Agent
may display error with message "Oracle ASO monitoring
failed".
In rare cases, due to startup scheduling, a complete loss

AGNT-10146 SUSE All Databases
of audit data may occur. Workaround: restart the agent.
Vendor Meltdown patches for SUSE Operating Systems

cause the SecureSphere Agent to fail during startup.

When Oracle is configured to work in shared mode with

ASO encryption, connections might not be audited after
AGNT-11850 SUSE Oracle agent restart when the database server had been started
before the agent and there were no external connections
to the database when the agent went up.
If kernel option 'kptr_restric' is set to '2', the Imperva

kernel module will fail to load.
AGNT-11795 SUSE PostgreSQL
Workaround - set kptr_restric to 1.
When layer-C is enabled, there might be invalid audit of

AGNT-11801 SUSE SAP-HANA
the responses from the database.
When using SAP-HANA 12, moving from sniffing to inline

AGNT-8696 SUSE SAP-HANA mode and vise versa doesn't work with local TCP
connections.
In Teradata 16.1 and above the CPU consumption of

ragent process is higher than in older Teradata versions.
AGNT-9471 SUSE Teradata Work around: Client may disable TD-API method using
advanced config in order to work the same as older
Teradata versions.
On rare occasions, uninstalling the SecureSphere Agent

AGNT-9959 SUSE Teradata
might cause the Teradata database to freeze up.
If more than a single PDE is installed on the machine, GTI

AGNT-11611 SUSE-Teradata Teradata will fail. Workaround: Collect the required information
manually.
The Ubuntu 14.04 agent can't be installed or upgraded

AGNT-9947 Ubuntu All Databases
using Software Update.

When systemd in enabled, a permission issue is

encountered that requires restarting the database to
AGNT-12205 Ubuntu MariaDB, MySQL resolve. In Ubuntu, systemd is enabled by default.
Workaround: After starting the agent, restart the
database.
First queries received with an Agent with open mode

AGNT-10165 Unix All Databases
connections are not audited.
When connecting to a machine before the agent is

working, the remote login isn't detected. Some
AGNT-9265 Unix All Databases applications (such as SecureCRT) reuse previous SSH
connections thereby preventing the remote login from
being detected.
Agent fails to start if the agent folder is located on XFS

AGNT-9456 Unix All Databases
with 64bit i-nodes.
Incomplete audit for TCP local traffic. Workaround: Add

the following item in the SecureSphere Agent's Advanced
AGNT-10266 Unix MySQL Configuration pane:
<kernel_support_local_traffic_in_server_side>0</kernel_
support_local_traffic_in_server_side>.
Open mode is not supported for encrypted and non-

encrypted Oracle connections during upgrade from Agent
AGNT-8409 Unix Oracle
version less than v12 to Agent version v12 and newer,
when ASO monitoring is enabled prior to the upgrade.
If monitoring Diffie-Helman traffic while ASO in the agent

is disabled, agent enters running with errors. If disabling
AGNT-9389 Unix Oracle
DH traffic on the database while ASO is still disabled in
the agent, running-with-errors persists.
When working with connections that utilize high ports

AGNT-8054 Unix Progress
with Progress DB, open mode is not supported.

No IPv6 listener system event is generated if the channel

AGNT-11916 Windows All Databases
is added manually.
When upgrading from agent versions earlier than 11.0,

AGNT-6189 Windows All Databases server might cause lower agent performance.
Workaround: Reboot the database server after upgrade.
AGNT-6256 Windows All Databases On rare occasions, agent uninstall may fail.
Upgrading the Windows Agent to the same Agent version

will fail.
When executing first time installation of the SecureSphere

Agent or upgrading from v11.0 and earlier and working
AGNT-7369 Windows All Databases with EIK on Windows Server 2012 and newer,
SecureSphere cannot monitor previously established
connections.
AGNT-7533 Windows All Databases On rare occasions, process details are missing.
When a MySQL, Oracle or DB2 database is accessed using

AGNT-8680 Windows All Databases Windows authentication and Kerberos authentication is
used, the username will not be audited.
On Windows Server 2012, if open connections exist prior

to installing the agent, running new short connections
could cause non-existent logouts to appear in audit of
open mode connections.
Updating a channel (etc. disabling then re-enabling)

causes audit loss.
AGNT-8915 Windows All Databases DrWeb antivirus mistakenly detects Imperva agent as a

Trojan.
When external traffic is monitored by pcap on windows

platforms, disabling and enabling network interface while
agent is running will cause complete audit loss.
Workaround: restart the Agent.
If the DB client connects to the DB server via 'shared

AGNT-8678 Windows DB2 All
memory,' the source IP address in audit is missing.
AGNT-8393 Windows MariaDB Maria DB IPC channel is not supported.
Certificate discovery might not work properly if two

AGNT-10137 Windows MSSQL different databases are running with the same user but
with different domains.
Incorrect OS user chain in MX appears for external

AGNT-10217 Windows MSSQL connections when MSSQL Advanced Monitoring is
enabled.
If Advanced Monitoring Mode is enabled, open-mode

AGNT-10575 Windows MSSQL connections are not monitored with some clients (such as
the Querier).
Channel over LocalTCP traffic is displayed on MX as

AGNT-11228 Windows MSSQL
MsSqlIPC.
The client remote session IP address might be missing if

the MSSQL server user has insufficient permissions to
obtain it. This results in the inability to block the
connection by its source IP.
AGNT-6398 Windows MSSQL After blocking in sniffing mode for local TCP connections,

it takes about a minute for the client to close the local

TCP session.
When changing the login user of MSSQL server, its

AGNT-7994 Windows MSSQL corresponding IPC channel log directory needs to be
manually deleted. Otherwise, there will be no audit.
In cases where there is more than one MSSQL database

AGNT-8087 Windows MSSQL on a server, all databases are running and RC4 user is
used for Kerberos, Hashed Users may appear in audit.
Agent fails to discover certificate after changing user that

runs the MSSQL service. Workaround: Restart the
database to discover the new certificate. Relevant for
MSSQL 2016.
In advanced mode, if a user ignores IPC channel and then

un-ignores it, existing connections are not monitored.
Open mode connections are not monitored on remote-

named-pipe channel.
When a machine has more than one MsSql server

installed that are running under the same user name but
from different domains, the default MsSql certificate
might not be extracted for some of the servers.
When sending a query from a client in one domain to an

MSSQL server in another domain with MSSQL service
AGNT-8913 Windows 2012 All Databases
running an AD user in the first domain, hashed user is
received.

Agent Patch Bug Fixes

This section includes information regarding bugs that were resolved in the following patches. Note that a bug fixed in any
patch is considered fixed in later patches, unless it appears in the Open Issues section of a later patch.
• Fixed Issues with Imperva Data Protection Agent - v14.4 Patch 120
• Fixed Issues with Imperva Data Protection Agent - v14.1 GA
Fixed Issues with Imperva Data Protection Agent - v14.4 Patch 120
On SUSE 12 SP 5 working in secure boot mode had issues

monitoring in the kernel because the agent kernel driver
AGNT-12865 SUSE All Databases failed to load.
Agent failed to start after installation due to a incorrect

AGNT-12867 SUSE All Databases detection of AppArmor base file.

Database discovery was getting hung up when running on

AGNT-12810 AIX Oracle AIX.
AGNT-12782 AIX, RHEL, Solaris Oracle Agent caused a kernel crash.
The agent was running with errors due to trying to

AGNT-12796 Linux All Big Data Databases monitor non-relevant processes.
Big Data Agent could discover non Big Data channels on

AGNT-12606 Linux All Big Data Databases startup.
When working with user space mode there could have

been audit loss (related to a "couldn't extract the FD"
AGNT-12727 Linux Oracle error).
Discovery for Sybase Commercial path for user space

AGNT-12724 Linux Sybase All agent did not work.
Agent discovery stopped running due to it attempting to

AGNT-12761 OEL-UEK, RHEL MongoDB monitor non-relevant processes.
AGNT-12849 RHEL MongoDB Agent didn't support SELinux on MongoDB.
DB Discovery and Open Mode features were causing

AGNT-12717 Solaris Sybase IQ performance issues for Sybase IQ.

ASO traffic in Oracle 19.12.x is now supported in EIK

AGNT-12797 AIX, Linux, Solaris Oracle mode.
ID OS Agent DB / Product Description
AGNT-11459 AIX Oracle AIX agent was consuming a large amount of system CPU.
AGNT-12782 AIX, RHEL, Solaris Oracle Agent caused a kernel crash.
AGNT-12665 All All Databases CPU capping for ragent process did not run.
When restarting the agent when using user space agent,

the agent sometimes stopped monitoring.
When running the agent on DB2 cluster, the RemoteAgent

sometimes crashed.
When Oracle was configured to work in shared mode with

AGNT-11655 Linux Oracle ASO encryption, connections might not have been
audited after agent restart.
In Oracle and Postgres, when using user space

monitoring, agent creates logs for collector loader when
AGNT-12573 Linux Oracle, PostgreSQL
agent is down. These files are deleted when starting agent
again.

ID OS Agent DB / Product Description
In some kernel modules, an old deprecated assembly

AGNT-12509 OEL-UEK, SUSE All Databases code was not retpoline-safe. This code was removed from
our kernel module.
Agent DB /
ID Agent OS Description
Product
After rebooting the machine, the agent may not be

AGNT-12394 Solaris All Databases
able to start. Workaround: restart the agent.
CentOS, RHEL,
SUSE, SUSE- If SELinux is enabled, the database could have
AGNT-12596 MariaDB, MySQL
Teradata, OEL-UEK, become unresponsive shortly after reboot.
OEL (non-UEK)
When running the agent on DB2 cluster, the

RemoteAgent sometimes crashed.
If the Agent Installation Manager was upgraded

before the Agent was installed, then the Agent
AGIM-438 All AGIM-438
wouldn't have gotten the most updated ACP (until
the next ACP release).

Agent DB /
Product
When working in user space mode and with Large Server

Cluster, some Gateways might not have received traffic.
A softlink to the Oracle installation path could have caused the

agent to be running with errors.
When monitoring MsSql 2019 on Linux and the agent started, it

AGNT-12536 Linux. RHEL MSSQL
could have crashed the Database.
In some kernel modules an old deprecated assembly code was

AGNT-12506 RHEL All Databases not retpoline-safe. This code was removed from our kernel
module.
Agent DB /
Product
Oracle Grid injections could have affected database

functionality.

Agent DB /
Product
In some cases, the Data Protection Agent might

create an empty /boot/System.map file.
Oracle Grid injections could have affected database

functionality.
In rare scenarios and on servers with mounts, the

AGNT-10280 Linux, Unix All Databases database discovery process might have hung and
channels weren't discovered.

No bug fixes are being released with this patch. To see the content released with the patch, see the section on Patch 50 in
this topic: Features Released with Agent v14.4.
Agent DB /
Product
Big Data agent crashed when a Big Data exclusion

was removed from MX.
Ragent process might have crashed under high

volume of traffic.

Agent DB /
Product
When connection on a local IPV6 interface, the

AGNT-12198 Windows MSSQL source or destination IP reported was the broadcast
IP.
AGNT-11945 Windows MSSQL Agent was sometimes failing to discover MSSQL.
Agent DB /
ID Agent OS Product Description
If there was no traffic on a connection for longer than

10 minutes, the following packet might be not have
AGNT-11337 All All Databases been audited.
If a connection was idle for more than 10 minutes,

AGNT-12120 All All Databases the first event for the vreak could have been lost.
Monitoring BEQ connections with Oracle userspace

interception could have resulted in 'connected user'
AGNT-11918e Linux Oracle events.
In Oracle 18 and up, when a few connections are

opened at the same time, the Agent might drop the
AGNT-11814 Unix Oracle user name associated with some of the connections.
AGNT-11441 Solaris All Databases Solaris agent wasn't able to initialize.

Agent DB /
Product
On rare occasions, once the agent started working in

slim monitoring, it got stuck in that mode.
AGNT-11550 All All Databases On rare occasions, the controller was unable to stop.
No audit was available for Oracle when using the

AGNT-11994 All Oracle following combination: sqlplus version 19, OCM,
Encrypted traffic.
Big Data agent could experience memory capping

All Big Data
AGNT-11952 Linux when exclusion monitoring rules were applied to it in
Databases
MX.
When thousands of local connections are being

opened and closed while another local connection is
Linux, Unix, All RDBMS
AGNT-11036 still opened, the database user might appear as
Windows Databases
'connected user' instead of the right database user
name.
Running with error message was encountered stating

Linux, Unix,
AGNT-11264 Oracle that the an ASO misconfiguration was not cleared
Windows
after restarting the Agent.
When a new ACP (Agent Compatibility Package) was

All Big Data sent to the Big Data Agent, an Agent restart via MX UI
AGNT-11331 OEL-UEK, Rhel
Databases was required in order to support a database that
wasn't supported with the previous ACP update.
MongoDB memory consumption may have increased

AGNT-11552 OEL-UEK, RHEL MongoDB
when the Agent was used.

Agent DB /
Product
If there are several instances of MySql or MariaDB

installed on one DB server (several of the same type)
AGNT-10938 OEL-UEK, SUSE MariaDB, MySQL
then in certain scenarios audit for one might be
missing.
AGNT-11839 RHEL MSSQL No audit was available in MSSQL over Redhat 8.
In RHEL7, Oracle BEQ connections were not

AGNT-11866 RHEL Oracle monitored once the connection was opened by any
user that is not oracle.
In rare scenarios ASO monitoring with Imperva Agent

AGNT-10499 RHEL Oracle
was not working.
AGIM-369 Unix All Databases Agent tech info left temp files behind.
DB2 process crashed when trying to access an

AGNT-11856 Windows DB2 for LUW
uninitialized global variable.
DB2 process crashed when trying to access an

AGNT-11855 Windows DB2 for LUW
uninitialized global variable.
SQL server crashed after upgrading agent to

v13.5p20.
MS-SQL server panic was encountered.


ID Agent OS Agent DB/Product Bug Description
AGNT-11350 AIX Oracle Agent caused the server to reboot.
A single process with many threads could have

resulted in high CPU.
On rare occasions, once the agent started working in

slim monitoring, it got stuck in that mode.
AGNT-11550 All All Databases On rare occasions, the controller was unable to stop.
In rare cases, where agent memory capping occurred

AGNT-11368 Linux All Databases when using local connections and userspace
interception agent didn't respond due to deadock.
On databases with a high load that were monitored

AGNT-11411 Linux All Databases with user-space interception, the agent was slow to
respond.
Audit loss for user-space intercepted databases when

the agent was installed on a soft link.
AGNT-11528 Linux DB2 for LUW High system CPU encountered on RHEL 7.
In rare cases, audit loss was experienced with

external TCP connections in DB2.
When the Remote Agent was restarted multiple

AGNT-11322 Linux MongoDB times, the MongoDB process could have crashed with
a SIGTRAP signal.

When the Remote Agent was restarted multiple

times, for example, due to a capping event, the
MongoDB process could have crashed with a SIGABRT
signal.
Database server crashed after upgrading Imperva

Agent to v14.1
Agent 13.5p20 crashed SUSE 12 sp2 on syscall

replacement.
In regular mode, around 10% of audit is lost when

using BEQ connections. To work around this issue,
see the following article in the customer knowledge
AGNT-11508 Linux Oracle base: https://www.imperva.com/
sign_in.asp?retURL=/articles/Solution/Agents-
Resolving-connected-users-when-running-BEQ-
traffic
Cloudera HDFS,
Linux, OEL (non- HDFS traffic might have been slow due to Imperva
AGNT-11619 Hortonworks
UEK), OEL-UEK Agent.
HDFS
AGNT-11262 Linux, Unix All Databases Sticky bit for permissions was missing for folders.
Running with error message was encountered stating

AGNT-11264 Linux, Unix Oracle that the an ASO misconfiguration was not cleared
after restarting the Agent.
When thousands of local connections are being

opened and closed while another local connection is
All RDBMS
AGNT-11036 Linux, Unix, Windows still opened, the database user might appear as
Databases
'connected user' instead of the right database user
name.

Cloudera Hive, Logout events in Hive only appeared in audit after 24

AGNT-11158 OEL-UEK, RHEL
Hortonworks Hive hours.
In rare scenarios ASO monitoring with Imperva Agent

AGNT-10499 RHEL Oracle
was not working.
AGNT-11121 Solaris Oracle ASO monitoring failed on Oracle minor version.
Agent installation failed when /lib/ directory was

read-only.
Agent failed to intercept traffic on new SUSE 12 SP3

AGNT-11736 SUSE Oracle
kernels (starting in 4.4.178-94).
Running GTI on Teradata SLES machine, which has 2

AGNT-10311 SUSE-Teradata Teradata or more Teradata DB instances, will produce output
for all the instances.
In TD16.1 and higher, restart of Imperva Agent might

AGNT-11593 SUSE-Teradata Teradata
have resulted in a database crash.
AGNT-11375 Ubuntu MariaDB Agent failed to monitor MariaDB traffic.
Greenplum, With Management Server versions 12 and lower

AGNT-11162 Unix MariaDB, automatically discovered data interfaces did not
PostgreSQL always appear.
Agent could have caused DB2 process to crash when

AGNT-11253 Windows DB2 All
shared memory connections were used.
Blocking was not supported with MSSQL Advanced

Monitoring.

Multiple recurring blocked connections would lead to

AGNT-11041 Windows MSSQL a memory leak, eventually causing the sql server to
block new connections.
AGNT-11357 Windows MSSQL MS-SQL server panic was encountered.
MongoDB may not have been audited when a domain

user was running the MongoDB process and the domain
AGNT-11065 RHEL, UEK MongoDB controller wasn't accessible from the MongoDB server
when the Agent Controller started. Agent would be
Running with Errors.
discoveryCtrl and discoveryRagent logs might have

AGNT-11102 RHEL, UEK All Databases
flooded the disk.
AGNT-11017 RHEL, UEK Hortonworks Hive Agent failed to monitor Hive on Hortonworks 3.1.X
HBase server process could have crashed when more

Cloudera HBase,
AGNT-11018 RHEL, UEK than 10K connections were audited by the Agent on
Hortonworks HBase
RHEL6 or OEL6.
Cloudera HBase, Agent would not audit more than first 10K connections on
AGNT-11019 RHEL, UEK
Hortonworks HBase HBase with a version lower than 2.0.0.

Fixed Issues with Imperva Data Protection Agent - v14.1 GA
ID Agent OS Agent DB/Product RN Bug Description
Adding Informix shared memory channel caused

configuration failures.
Oracle ASO monitoring might suffer from audit loss on

AGNT-10887 AIX, Linux, Solaris Oracle
rare cases.
In multi-core environments competition for agent

AGNT-10767 All All Databases resources resulted in reduced transactions per second
(TPS).
AGNT-10907 All All Databases Agent monitoring rules (AMR) was not excluding traffic.
Cloudera HDFS, RemoteAgent monitored only the first 10,000 HDFS

AGNT-10565 Linux
Hortonworks HDFS connections.
Spectre v2 mitigation retpoline might have been disabled

Linux, RHEL,
AGNT-10230 All Databases in kernel when Agent was installed on newer kernel
SUSE, UEK
versions.
E2E userspace monitoring may fail on rare occasions

MariaDB, MSSQL,
AGNT-10801 Linux, ubuntu when working on: MsSQL on Linux; MySQL, PostgreSQL,
MySQL, PostgreSQL
and MariaDB on Ubuntu.
Cassandra queries could have had a semicolon at the end

AGNT-10768 RHEL DataStax Cassandra
of the queries.
The following commands were not monitored:

AGNT-10528 RHEL MongoDB createRole,updateRole, grantPrivilegesToRole, and
revokePrivilegesFromRole.

ID Agent OS Agent DB/Product RN Bug Description
Some commands interpreted arguments under the

AGNT-10563 RHEL MongoDB "Parsed Query" and "Query" columns in MX as
hexadecimal strings instead of real string arguments.
Audit of insert commands didn't show documents that

were inserted.
On some occasions, Imperva Agent may be Running With

Errors when using Memory Capping.
AGIM-344 Solaris All Databases Get Tech Info could not be created due to syntax error.
AGNT-10330 Solaris All Databases Get Tech Info could not be created due to syntax error.
AGNT-10668 Solaris All Databases Imperva Agent v13.3 didn't support Solaris 11.4.
AGNT-10669 Solaris All Databases Imperva Agent caused a crash on Solaris 11.4 and above.
On rare occasions, due to unexpected races, agent may

SUSE, ubuntu,
AGNT-10748 PostgreSQL enter running with errors due to corrupted
UEK
synchronization objects in the PostgreSQL.
AGNT-10737 Windows All Databases Agent displayed the wrong Windows version in the MX.
AGNT-10494 Windows MSSQL Logs were created containing no information.
If the RemoteAgent was started after a server reboot with

AGNT-10706 Windows Oracle an IPC channel enabled, it could be running with errors
with the message "Couldn't apply agent configuration".

Proprietary Rights Notice
© 2002 - 2023 Imperva, Inc. All Rights Reserved.
Follow this link to see the Imperva copyright notices and certain open source license terms:
https://docs.imperva.com/bundle/z-kb-articles-km/page/656407b1.html
THIS DOCUMENT IS PROVIDED "AS IS" WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT NOT
LIMITED TO WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, AND NON-INFRINGEMENT. IN NO
EVENT SHALL IMPERVA BE LIABLE FOR ANY CLAIM OR DAMAGES OR OTHER LIABILITY, INCLUDING BUT NOT LIMITED TO
DIRECT, INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES OF ANY KIND ARISING FROM ANY ERROR IN THIS
DOCUMENT, INCLUDING WITHOUT LIMITATION ANY LOSS OR INTERRUPTION OF BUSINESS, PROFITS, USE OR DATA.
No part of this document may be used, disclosed, modified, reproduced, displayed, performed, distributed, stored in a
retrieval system, or translated into any language in any form or by any means without the written permission of Imperva,
Inc. To obtain this permission, write to the attention of the Imperva Legal Department at: 3400 Bridge Parkway, Suite 200,
Redwood Shores, CA 94065.
Information in this document is subject to change without notice and does not represent a commitment on the part of
Imperva, Inc. Imperva reserves the right to modify or remove any of the features or components described in this
document for the final product or a future version of the product, without notice. The software described in this
document is furnished under a license agreement. The software may be used only in accordance with the terms of this
agreement.
This document contains proprietary and confidential information of Imperva, Inc. Imperva and its licensors retain all
ownership and intellectual property rights to this document. This document is solely for the use of authorized Imperva
customers.
TRADEMARK ATTRIBUTIONS
Imperva, the Imperva logo, SecureSphere, Incapsula, CounterBreach, ThreatRadar, Camouflage, Attack Analytics, Prevoty
and design are trademarks of Imperva, Inc. and its subsidiaries.
All other brand and product names are trademarks or registered trademarks of their respective owners.
PATENT INFORMATION
The software described by this document may be covered by one or more of the following patents:
US Patent Nos. 7,640,235, 7,743,420, 7,752,662, 8,024,804, 8,051,484, 8,056,141, 8,135,948, 8,181,246, 8,392,963,
8,448,233, 8,453,255, 8,713,682, 8,752,208, 8,869,279 and 8,904,558, 8,973,142, 8,984,630, 8,997,232, 9,009,832, 9,027,136,
9,027,137, 9,128,941, 9,148,440, 9,148,446, 9,401,927, and 11, 579, 859..
Imperva Inc.
One Curiosity Way

San Mateo, CA 94403
United States
Tel: +1 (650) 345-9000

Fax: +1 (650) 345-9004
• Website: http://www.imperva.com
• General Information: info@imperva.com
• Sales: sales@imperva.com
• Professional Services: consulting@imperva.com
• Technical Support: https://support.imperva.com/s/
v14.4-Agent-Release-Notes-Patch-120

v14.4_agent_release_notes_12-18-2024

Uploaded by

Copyright:

Available Formats

v14.4_agent_release_notes_12-18-2024

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

v14.4_agent_release_notes_12-18-2024

Uploaded by

Copyright:

Available Formats

v14.

4 Agent Release Notes

v14.4 Agent Release Notes

v14.4 Agent Release Notes 1

v14.4 Agent Release Notes 2

v14.4 Agent Release Notes 3

Data Protection Agent Release Notes

• Features Released with Agent v14.1

Features Released with Agent v14.1

v14.4 Agent Release Notes 4

Patch 20 Additions - Release Date May 26, 2019

Features Released with Agent v14.4

• MSSQL 2019 (on Windows and Linux)

Patch 20- Release Date: August 17, 2020

Patch 30- Release Date: October 19, 2020

Patch 40 Additions - Release Date December 21, 2020

v14.4 Agent Release Notes 5

• DSE Cassandra 6.8

Patch 50 Additions - Release Date January 18, 2021

• SAP-HANA 2.0 SPS5

Patch 60 Additions - Release Date February 15, 2021

Patch 70 Additions - Release Date March 16, 2021

Patch 80 Additions - Release Date May 19, 2021

• MongoDB support for RHEL 7 for PowerPC

v14.4 Agent Release Notes 6

• Big Data on RHEL 8

Patch 90- Release Date: June 21, 2021

Patch 100- Release Date: September 12, 2021

Patch 101- Release Date: September 26, 2021

Patch 110- Release Date: October 18, 2021

Patch 120- Release Date: November 15, 2021

Database Support - Data Security Coverage Tool

See the tool at https://www.imperva.com/data-security-coverage-tool/

Using the tool is simple:

v14.4 Agent Release Notes 7

SecureSphere Agent Installation Files

• Note on Agent Package Numbers

v14.4 Agent Release Notes 8

Note on Agent Package Numbers

Determining Which non-Windows SecureSphere Agent Package to Install

[root@agents-system tmp]# ./which_ragent_package_[version].sh -v 14.0

[root@prod-rhel6-64-smp ~]# ./which_ragent_package_0157.sh -v 13.0

v14.4 Agent Release Notes 9

Latest DAM Agent package is: Imperva-ragent-RHEL-v6-kSMP-px86_64-b13.3.0.10.0.55114

Latest Big Data Agent package is: Imperva-ragent-bigdata-RHEL-v6-kSMP-px86_64-b1

The above is a recommendation only. It is not a guarantee of agent support.

Database Agent Package Installation File Names

• For a list of standard agents for Database, see:

v14.4 Agent Release Notes 10

Database and File Agent Packages Released with v14.1

OS / Version Installation File Name

AIX 7.1 64-bit Imperva-ragent-AIX-v71-ppowerpc64-b14.1.0.10.0.562096.tar.gz

AIX 7.2 64-bit Imperva-ragent-AIX-v72-ppowerpc64-b14.1.0.10.0.562096.tar.gz

HP-UX B11.31 Itanium Imperva-ragent-HPUX-v11.31-pia64-b14.1.0.10.0.562096.tar.gz

HP-UX B11.31 PA-RISC Imperva-ragent-HPUX-v11.31-phppa-b14.1.0.10.0.562096.tar.gz

v14.4 Agent Release Notes 11

OS / Version Installation File Name

OEL 5 UEK 1 64-bit (2.6.32-100.26.2) Imperva-ragent-OEL-v5-kUEK-v1-ik1-px86_64-b14.1.0.10.0.562096.tar.gz

OEL 5 UEK 1 64-bit (2.6.32-300.7.1 to

OEL 5 UEK 1 64-bit (2.6.32-400.21.1) Imperva-ragent-OEL-v5-kUEK-v1-ik3-px86_64-b14.1.0.10.0.562096.tar.gz