Nextron Aurora EDR agent shows \Pr Error

Problem

During start of Nextrons Aurora EDR lite agent the programm shows the following error message:

PS C:\Program Files\Aurora-Agent> aurora-agent-64.exe --dashboard
      ___                                  __    _ __
     /   | __  ___________  _________ _   / /   (_) /____
    / /| |/ / / / ___/ __ \/ ___/ __ `/  / /   / / __/ _ \
   / ___ / /_/ / /  / /_/ / /  / /_/ /  / /___/ / /_/  __/
  /_/  |_\__,_/_/   \____/_/   \__,_/  /_____/_/\__/\___/


  Aurora Agent Lite Version 1.2.1 (9da9fbf29275c), Signature Revision 2024/08/10-134221 (Sigma r2024-07-17-29-gace902b68)
  (C) Nextron Systems GmbH, 2022

Aug 10 19:51:16 clw11c493 AURORA: Error MODULE: EventDistributor MESSAGE: Could not parse process exclude ERROR: error parsing regexp: invalid character class range: `\Pr` LINE: error parsing regexp: invalid character class range: `\Pr`
Aug 10 19:51:16 clw11c493 AURORA: Error MODULE: EventDistributor MESSAGE: Could not parse process exclude ERROR: error parsing regexp: invalid character class range: `\Pr` LINE: error parsing regexp: invalid character class range: `\Pr`
Aug 10 19:51:16 clw11c493 AURORA: Error MODULE: EventDistributor MESSAGE: Could not parse process exclude ERROR: error parsing regexp: invalid character class range: `\Pr` LINE: error parsing regexp: invalid character class range: `\Pr`


Solution

Your "process-excludes.cfg" (C:\Program Files\Aurora-Agent\config\process-excludes.cfg) configurations probably has a missing escaping "\" in the process-path (aurora searches for those process paths using regular expression):

Wrong:
^"C:\Program Files (x86)\

Correct:
^"C:\\Program Files (x86)\\
 

at No comments:
Labels: , , ,
Subscribe to: Posts (Atom)

Nextron Aurora EDR agent shows \Pr Error

Problem During start of Nextrons Aurora EDR lite agent the programm shows the following error message: PS C:\Program Files\Aurora-Agent...