Policy update failed with -94

Policy update failed with -94

0
Created On 01/25/19 20:39 PM - Last Modified 07/19/22 23:12 PM


Symptom


After Traps installation on mac OS - Malware Protection module and\or Exploit Protection module appear as [Disabled] and agent fails to communicate with ESM\TMS.

User-added image

The following errors may appear in the Traps agent Trapsd.log
 [76:1959 #6:6] {trapsd:LibIpc Heartbeat(scheduled)} <Error> Failed to set bulk policy, err=4, msg=Deadline Exceeded
 [76:1959 #6:6] {trapsd:Policy Heartbeat(scheduled)} <Error> Low-Level policy update failed with -94

You may additionally see the following error in the Traps pmd.log or trapsd.log:
[11184:374040 Main:0] {pmd:PMD } <Info> Loading kext is blocked by system policy, will retry until user approves...

User-added image
 

Environment


mac OS 10.13 and newer

Cause


Starting with 10.13 Apple added a kernel driver approval mechanism. If the kernel extension is not approved the agent will be disabled until approval.
See article link: https://docs.paloaltonetworks.com/traps/5-0/traps-agent-admin/traps-agent-for-mac/install-the-traps-agent-for-mac#id17CTE090LJV

Resolution


Open the "System Preferences" and click on Security & Privacy button.
There should be a line stating to approve the Palo Alto Networks kernel extension. Approve the extension and then, if Traps is still not working, restart the machine.


User-added image

Once the extension is approved and endpoint is rebooted the Traps console should show that Protection is now [Enabled].

User-added image
 

Additional Information


If the issue persists please contact Support.
Other users also viewed:
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000CmfRCAS&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail