
ATP appliance might appear to be stuck during CLU upgrade install, or the following message might be presented: "An error occurred during software update"


Article ID: 163893


Products

Endpoint Detection and Response Advanced Threat Protection Platform

Issue/Introduction

An Advanced Threat Protection (ATP) upgrade is started. After a very long period of time the update still appears to be running, and the GUI displays the following message under the Status column in Settings -> Appliances:

Option unavailable. Update in progress

 

Opening the settings for the particular appliance in the GUI and checking the appliance status there might reveal a further message:

An error occurred during software update. Run "update status" from command-line for details.

 

The status_check command in the admin CLI appears to show that the swupdate.brightmail.com server is available.

 

Running update status from the admin CLI might display the following:

YYYY/MM/DD HH:MM:SS UTC: Last software update status - Download failed.

Next steps:

[...]

 

Running the command less /var/log/symantec/sgs-td/update.log from the admin CLI might reveal some or all of the following errors:

  • do_download Error code: 1
  • [Errno 256] No more mirrors to try
  • [Errno 14] curl #7 - "Failed connect to swupdate.brightmail.com:443; Operation now in progress"
  • [Errno 14] curl #35 - "TCP connection reset by peer"
  • [Errno 14] curl #18 - "Transfer closed with XXXXXX bytes remaining to read"

 

Cause

An intervening proxy or network device interfered with network traffic during the download of the files, particularly in the portion of the download that contains virus definitions.

Because our download contains patterns which tell the appliance software what to look for when scanning network traffic for possible viruses, another security device that scans the download may identify the file as malicious. This is a common occurrence when using multiple measures to identify malware, even when using different vendors for different scanning points, such as vendor1 for endpoint scanning and vendor2 for scanning streams of network traffic.
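The errors listed above can be sorted by what they say about the network path. The script below is an added example, not Symantec code: it assumes update.log has been exported and is analysed off the appliance, and its function names, labels and sample log lines are constructed for illustration.

```shell
#!/bin/sh
# Map one log line to a label using the curl exit codes quoted in the article:
# 7 = could not connect, 35 = TLS handshake failed, 18 = partial transfer.
classify_line() {
    case "$1" in
        *'curl #7 '*)               echo connect-blocked ;;
        *'curl #35 '*)              echo tls-reset ;;
        *'curl #18 '*)              echo transfer-truncated ;;
        *'No more mirrors to try'*) echo mirrors-exhausted ;;
        *'do_download Error code'*) echo download-failed ;;
    esac
}

# Print "<count> <label>" for every signature found, most frequent first.
triage_log() {
    while IFS= read -r line; do
        classify_line "$line"
    done < "$1" | sort | uniq -c | sort -rn | awk '{print $1, $2}'
}

# Reduce the counts to one conclusion. A truncated transfer or a reset TLS
# handshake means something touched an established stream, which matches the
# inline-scanning cause described in the article.
verdict() {
    labels=$(triage_log "$1" | awk '{print $2}')
    case "$labels" in
        *transfer-truncated*|*tls-reset*)      echo inline-interference ;;
        *connect-blocked*)                     echo connectivity ;;
        *mirrors-exhausted*|*download-failed*) echo download-failed-unclassified ;;
        *)                                     echo no-known-signature ;;
    esac
}

# Constructed sample: timestamps and byte counts are invented, the messages
# are the ones listed in the article.
sample_log() {
    cat <<'EOF'
2024-01-01 10:00:01 [Errno 14] curl #18 - "Transfer closed with 52431 bytes remaining to read"
2024-01-01 10:00:09 [Errno 14] curl #18 - "Transfer closed with 52431 bytes remaining to read"
2024-01-01 10:00:15 [Errno 14] curl #35 - "TCP connection reset by peer"
2024-01-01 10:00:15 [Errno 256] No more mirrors to try
EOF
}

# Use the file given as the first argument, or fall back to the sample.
log=${1:-}
if [ -z "$log" ]; then log=$(mktemp); sample_log > "$log"; fi
triage_log "$log"
echo "verdict: $(verdict "$log")"
```

A verdict of connectivity (only curl #7 seen) points at a firewall or proxy path problem rather than content scanning, so the exclusion for swupdate.brightmail.com is most relevant when the verdict is inline-interference.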

Resolution

Symantec is aware of this issue and will update this document when a solution becomes available. It is not necessary to log a support case on this issue. Please subscribe to this article to be notified of any updates.

 

The following commands from the admin CLI should resolve the issue and allow the upgrade to complete successfully:

  1. Type: update clean_all
  2. Type: update list
  3. Type: update download
  4. Type: update status
  5. Type: update install

 

If symptoms persist, check your network proxy and intervening network devices for antivirus scanning measures and if needed, exclude swupdate.brightmail.com from scanning.