Deep Security supports the following Linux kernel scopes:
- General kernel, which includes general-purpose Linux kernels available to all customers. These kernels are provided by supported operating system partners listed in Deep Security Agent platform compatibility. A kernel is not considered within the general scope if it is related to experimental (for example, CentOS Stream), appliances (for example, Exadata), community (for example, ELRepo), customized, and so on.
- Specific extended support kernel, which includes the following:
- Red Hat Enterprise Linux (RHEL). For information, see Extended Update Support (EUS).
- SuSE Enterprise Server (SLES). For information, see Long-Term Service Pack Support (LTSS).li
If a kernel is not within the preceding support scope, Deep Security cannot provide
a kernel support package.
Supported Linux kernels vary by the agent version:
- Deep Security Agent 20.0 Linux kernel support
- Deep Security Agent Feature Releases (12.5) Linux kernel support
- Deep Security Agent 12.0 Linux kernel support
- Deep Security Agent 11.3 Linux kernel support
- Deep Security Agent 11.2 Linux kernel support
- Deep Security Agent 11.1 Linux kernel support
- Deep Security Agent 11.0 Linux kernel support
- Deep Security Agent 10.3 Linux kernel support
- Deep Security Agent 10.2 Linux kernel support
- Deep Security Agent 10.1 Linux kernel support
- Deep Security Agent 10.0 Linux kernel support
- Deep Security Agent 9.6 SP1 Linux kernel support
- Deep Security Agent 9.5 SP1 Linux kernel support
You can also use a JSON version of the complete list of the supported Linux kernels each agent version with scripts
and automated workflows.
Disable optional Linux kernel support package updates 
In previous agent versions, the kernel driver update process always downloaded the
latest kernel support package from the relay when an agent was restarted or the computer
rebooted. However, unless you have upgraded the kernel, the agent often does not need
to update its kernel support package. Therefore for agent 20.0.0-3067+, you can disable
optional kernel support package updates to improve performance.
Disable kernel support package updates on one computer
Procedure
- In the Server & Workload Protection console, go to Computers.
- Double-click the computer where you want to disable kernel support package updates (or select the computer and then Details).
- Select Settings. From Automatically update kernel package when agent restarts, select No.
- Save your changes.
Disable kernel support package updates on multiple computers
Procedure
- In the Server & Workload Protection console, go to Policies.
- Double-click the policy that protects multiple computers where you want to disable kernel support package updates (or select the policy and then Details).
- Select Settings. From Automatically update kernel package when agent restarts, select No.
- Save your changes.