FAQ

Why can't I install/reinstall GuardMode Agent?

It is possible that during the uninstallation process of the previous GMA version, not all directories and files were fully removed. In this case:

  1. Verify and stop GuardMode Agent service:

    • Open the Task Manager and navigate to the Services tab.

    • Locate the CatalogicGuardModeAgent service. If it's running (status not Stopped), right-click and select Stop.

  2. Remove residual files:

    • Navigate to the DPX directory.

    • Manually delete the Catalogic Guard Mode Agent directory.

  3. Reinstall GuardMode Agent.

  4. Check C++ Redistributable:

    • Ensure that the C++ Redistributable library is installed and updated on your system.

  5. Check system requirements:

    • Confirm that your system and machine architecture meet the listed system requirements.

Why is GuardMode Agent not visible in my DPX UI?

If the GuardMode Agent installs successfully but does not appear in your DPX UI, follow these steps:

  1. Uninstall GuardMode Agent:

    • Begin by uninstalling the GuardMode Agent from your system as described in the Uninstalling GuardMode Agent chapter.

  2. Check Network and Server Status:

    • Ensure that both your Virtual Machine and the DPX master server are online.

    • Verify that they are on the same network.

  3. Reinstall GuardMode Agent:

    • Reinstall the GuardMode Agent.

    • During installation, ensure the Setup DPX Notification checkbox is checked.

    • Provide the correct DPX master server credentials in the DPX Configuration step.

Why are there errors in the GuardMode Agent's Security tab in my DPX UI?

These errors indicate issues with GuardMode Agent connectivity. To fix this, follow these steps:

  1. Check VM Status:

    • Ensure that the Virtual Machine hosting the GuardMode Agent is powered on and online.

  2. Configure Windows Firewall:

    • On the VM, open the Windows Firewall with Advanced Security desktop app.

    • Go to Inbound Rules and look for the Catalogic GuardMode Agent rule associated with port 5000.

    • Check if this rule is Enabled. If not, enable it.

  3. Reinstall GuardMode Agent (if necessary):

    • If the rule is already enabled or enabling it doesn't resolve the issue, reinstall the GuardMode Agent.

    • During reinstallation, ensure you provide the correct DPX master server credentials.

Why is my GuardMode Agent not producing any notifications?

If you are experiencing issues with the GuardMode Agent notifications, follow these steps:

  1. Check Network and Server Status:

    • Ensure that both the DPX master server and the VM hosting the GMA are online and on the same network.

  2. Verify Service Status:

    • Open the Task Manager on the VM.

    • Navigate to the 'Services' tab and locate the 'CatalogicGuardModeAgent' service.

    • Check if the service status is 'Running'.

      • If not, right-click on it and select 'Start'.

  3. Check Log Files:

    • If the service is running, go to the 'Catalogic Guard Mode Agent' directory.

    • Locate and open the 'Logs' directory.

    • Open the latest log file and check for the desired log entry.

  4. Reinstall GuardMode Agent (if necessary):

    • If the desired log appears in the file and issues persist, proceed to reinstall the GuardMode Agent.

Why does the GuardMode Agent fail to start the auditd service during installation?

This issue is typically due to a compatibility conflict that occurs when GuardMode Agent is installed on a system that already has osquery or other auditing tools interfacing with the Linux audit system.

GuardMode Agent is designed for exclusive access to the audit system to function correctly and cannot operate concurrently with osquery, which also hooks into the audit system for event monitoring and logging. To prevent this issue, verify that osquery and any other tools that utilize the audit system are not installed or running on the system before installing GuardMode Agent.
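
A pre-install check for the conflict described above, as an added example that is not part of the Catalogic documentation: it parses `auditctl -s` to find which process is registered with the kernel audit subsystem and flags osquery. Treating auditd as the expected owner is an assumption of this example, and the sample status text is constructed.

```shell
#!/bin/sh
# Added example (not Catalogic code): who owns the Linux audit socket?

# Constructed sample of `auditctl -s` output, used when run without --live.
SAMPLE_STATUS='enabled 1
failure 1
pid 4242
rate_limit 0
backlog_limit 8192'

# Read `auditctl -s` output on stdin and print the PID registered as the
# audit daemon (0 = nobody). Handles "pid N" lines and the older
# single-line "pid=N" format.
audit_owner_pid() {
    awk '
        $1 == "pid" { pid = $2 }
        { for (i = 1; i <= NF; i++) if ($i ~ /^pid=[0-9]+$/) pid = substr($i, 5) }
        END { print pid + 0 }'
}

# $1 = owner PID, $2 = its process name. Assumption: auditd as owner is the
# expected state; any other owner is reported as a conflict.
classify_owner() {
    if [ "$1" -eq 0 ]; then echo "free"; return; fi
    case "$2" in
        auditd)   echo "auditd" ;;
        osqueryd) echo "conflict:osquery" ;;
        "")       echo "conflict:unknown" ;;
        *)        echo "conflict:$2" ;;
    esac
}

# Query the running system (requires root for auditctl).
live_check() {
    pid=$(auditctl -s | audit_owner_pid)
    comm=""
    if [ "$pid" -ne 0 ]; then comm=$(cat "/proc/$pid/comm" 2>/dev/null || true); fi
    classify_owner "$pid" "$comm"
    if pgrep -x osqueryd >/dev/null 2>&1 || command -v osqueryi >/dev/null 2>&1; then
        echo "osquery is installed or running"
    fi
}

case "${1:-}" in
    --live) live_check ;;
    *) pid=$(printf '%s\n' "$SAMPLE_STATUS" | audit_owner_pid)
       echo "sample owner: $(classify_owner "$pid" osqueryd)" ;;
esac
```

Run it with `--live` as root on the target host before installing; any `conflict:` line or the osquery message means the conflicting tool should be removed or stopped first.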