A large number of DYLD Injection violations are reported by Linux devices

Possible cause

Certain third-party applications, such as Splunk, Dynatrace, AppDynamics, and DataDog, try to preload modules into a process (by setting the LD_PRELOAD environment variable for that process), which causes DYLD Injection violation events for any process monitored by the application.

Possible solution

Do the following:
  1. If you are using a version of the Aurora Protect Desktop agent earlier than 2.1.1574, upgrade to 2.1.1574 or later. Arctic Wolf strongly recommends upgrading to the latest available version of the agent to benefit from the latest enhancements.
  2. Add Memory protection exclusions for the .so components that a third-party application tries to inject. Inspect the LD_PRELOAD variable to determine the .so components that you need to add exclusions for (“man ld.so” can provide some guidance). It is a best practice to contact the support resources for the third-party application to identify the applicable .so files.
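
One way to carry out the LD_PRELOAD inspection in step 2, as an added example that is not part of the original article or of any vendor's tooling: it reads the LD_PRELOAD value of each running process from /proc/<pid>/environ and lists the .so paths found. The function names are hypothetical, and the optional argument (an alternative procfs root) is an assumption made so the script can be tried on sample data.

```shell
#!/bin/sh
# Added example: list the shared objects that running processes preload via
# LD_PRELOAD. Function names are hypothetical; run as root to see every process.

# Print the LD_PRELOAD entries in one environ file, one per line.
# environ is NUL-delimited; ld.so splits LD_PRELOAD on spaces or colons.
preload_entries() {
    [ -r "$1" ] || return 0
    { tr '\0' '\n' < "$1"; } 2>/dev/null |
        sed -n 's/^LD_PRELOAD=//p' |
        tr ' :' '\n\n' |
        sed '/^$/d'
}

# Emit "<pid><TAB><comm><TAB><library>" for each process under $1 (default
# /proc). /proc/<pid>/environ holds the environment the process was started
# with, which is what the dynamic loader acted on.
scan_preloads() {
    root=${1:-/proc}
    for dir in "$root"/[0-9]*; do
        [ -r "$dir/environ" ] || continue
        pid=${dir##*/}
        comm=$(cat "$dir/comm" 2>/dev/null || echo '?')
        preload_entries "$dir/environ" | while IFS= read -r lib; do
            printf '%s\t%s\t%s\n' "$pid" "$comm" "$lib"
        done
    done
}

# Distinct library paths: the candidate list to confirm with the vendor
# before adding Memory protection exclusions.
unique_preloads() {
    scan_preloads "${1:-/proc}" | cut -f3- | sort -u
}

scan_preloads "${1:-/proc}"
```

Call `unique_preloads` instead of `scan_preloads` to get only the distinct .so paths, and confirm each one with the third-party vendor before excluding it.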