File Threat Protection does not start due to driver interceptor error [KES for Linux]

[Antipova Anna]

Advice and Solutions (Forum Knowledgebase) Disclaimer. Read before using materials.

Problem

kesl-control --app-info outputs the following error:

en

File Threat Protection:                     Unavailable due to file interceptor driver error

One of the most common root causes is Fanotify is disabled (or KESL could not access it) and kernel module compilation also failed.

A special utility can  be used for this directly on the affected machine with KESL installed:

sudo /opt/kaspersky/kesl/bin/fanotify-checker && echo fanotify: supported || echo fanotify: unsupported

In case, an operating system does not support Fanotify technology, it is required to install some additional packages and build a kernel module for KESL.

A part of required packages may be found on the Hardware and software requirements section of the product documentation, for example for KESL 11.3; In addition to this, new packages kernel-headers-XXX and kernel-devel-XXX must be installed, where XXX - an operating system kernel version.

Use the following scenario to install those packages and build a kernel module for KESL:

for RHEL based OS: 

yum install kernel-headers-`uname -r` kernel-devel-`uname -r`

for Debian based OS: 

apt install linux-headers-`uname -r`

Reboot the system;

Run the post-install script: 

/opt/kaspersky/kesl/bin/kesl-setup.pl --build | tee /tmp/buildLog

And reboot the service: 

systemctl restart kesl-supervisor.service

In case of any further issues, please contact Kaspersky Support.