AMP for Endpoints Mac Connector 1.3.0 Defect Can Cause Unexpected System Restart

Summary A defect in AMP for Endpoints Mac Connector 1.3.0 can cause the host system to unexpectedly restart when the AMP service is stopped. The AMP service is stopped during the normal course of system shutdown and restart. It is also stopped when upgrading to a newer version. When the bug is activated, a kernel panic occurs and the operating system responds by forcing a system restart. Users running Connector version 1.3.0 must upgrade to 1.3.1 which fixes this defect. Since the usual upgrade process momentarily stops the AMP service and can trigger this bug, the 1.3.1 installer is specially designed to not stop the AMP service during upgrade. While this minimizes the chance of system restart at an inopportune time, the user must restart the system to finish the upgrade process. If the Connector is being upgraded manually by invoking the installer, the user should save all work and exit all other applications before starting the upgrade process. The 1.3.1 installer will prompt the user to restart the system. If the Connector is being upgraded automatically using AMP policy or a separate deployment tool, system administrators should review the value of the Start Client User Interface policy setting. If this setting is enabled, a notification message will be generated during the upgrade process to prompt the user to restart their system. If this setting is not enabled, system administrators must inform users of the need to restart or force system restart through other means. Each AMP Connector will generate a Reboot Completed event after system restart has taken place. It is highly recommended that 1.3.0 users upgrade to 1.3.1 and restart their systems before attempting to upgrade to a newer (future) Connector version. The aforementioned upgrade mitigation is unique to the 1.3.1 installer and not implemented in other versions. Upgrading from 1.3.0 to any version other than 1.3.1 significantly increases the risk of an unexpected system restart occurring during the upgrade process.

Affected Products AMP for Endpoints Mac Connector versions 1.3.0 Earlier versions including 1.2.6 are not affected. Users currently running 1.2.6 or earlier are encouraged to skip 1.3.0 and 1.3.1 and upgrade directly to newer versions when those become available.

Workarounds There are no workarounds that address this defect.

Fixed Software The defect has been fixed in AMP for Endpoints Mac Connector 1.3.1.

Cisco Systems, Inc. www.cisco.com

Cisco AMP for Endpoints Mac Connector 1.3.0 Defect 1