Comment 10 for bug 1848330

Kodiak Firesmith (kodiakf) wrote :

Apologies - I don't remember the full specifics here but IIRC, the Mandiant FireEye HX agent foolishly re-implements Linux Audit, and it's every bit as terrible as that sounds. We discovered that we needed to basically purge both FireEye HX and Auditd on the system, then install Auditd, then disable it entirely, then allow the travesty of having the FireEye HX agent run its own auditd daemon which clobbers the OS auditd. Yikes. And yes we filed a "please don't do such ugly things with core Linux services" request with their support. :/