The SonicWallLoggingService is crashing in Capture Client 3.9.0 Installer

First Published:09/10/2024 Last Updated:09/10/2024

We have identified an issue in the Capture Client Windows and macOS 3.9.0 agent running on certain endpoints that can cause the “SonicWallLoggingService”service to crash; despite being automatically restarted, it crashes again. This service is responsible for sending Capture Client logs from the endpoint to the Capture Client Cloud Management console (CMC). 

As a result of this issue, affected endpoints won’t be able to send Web Content Filtering and Device Logs to the CMC. This will render the dashboard widgets blank and the Web Activity logs pages empty (as seen below) 

Image

Image

Resolution

The fix for this issue has already been identified and a new Capture Client 3.9.1 Agent for Windows and macOS will be released shortly. 

For Customers that have already deployed Capture Client 3.9.0 Agent for Windows or macOS

If you are using the Web Content Filtering feature, it is recommended to uninstall the agent and reinstall the corresponding Capture Client 3.8.0 Agent to continue using this feature with functional logging and reporting.

To minimize the spread of this issue, SonicWall will be retracting the Capture Client 3.9.0 Agent for Windows and macOS from all CMC deployments:

  • The installer for the Capture Client 3.9 Agent for Windows and macOS will no longer be available for download.
  • Administrators will not be able to configure the preferred version as Capture Client 3.9 Agent for Windows and macOS in the Client Policy.
  • Client Policies that have already been configured with Capture Client 3.9 Agent for Windows and macOS will be reset to an empty value. 

FAQ

  1. Does this issue impact the performance of my endpoint?
    At this time, there is no known impact to performance of the endpoint
  2. Does this issue put my endpoints at risk?
    No, this issue doesn’t change the threat policy configuration either on the CC agent or CMC, meaning your endpoints will remain protected based on your current client policy configuration.