Troubleshooting Endpoint Detection and Response's update process
search cancel

Troubleshooting Endpoint Detection and Response's update process


Article ID: 169918


Updated On:


Endpoint Detection and Response


When you update Endpoint Detection and Response (EDR) to a new version, the upgrade seems to hang.


Endpoint Detection and Response (either virtual machine or appliance), formerly known as Advanced Threat Protection (ATP) Platform



To check the status of the update

Run the following command, at the command line interface (CLI), to check the status of the update:

update status


Repairing a failed update

If the update failed, clear the failed update, and manually download and install the update.

To clean up and download the update:

  1. In the CLI, run the following command:
    update clean_all
  2. Once that command completes, run the following command to download and cache the install package:
    update download
    Note: If you connect to the CLI with PuTTY, do not close the session during this process.

If the update download fails or does not complete in a reasonable time, you can dump the packets from the network interface to help determine why the download is slow or stopped. A 15-minute packet dump should provide sufficient data. You can use the following command to create the packet dump:

tcpdump -s 0 -q -C 20 -w eth0.pcap -i eth0 -Z root

After about 15 minutes, press CTRL+C to stop the packet capture. The packet capture file appears in the directory from which you ran the command, and has the name "eth0.pcap".


To install the cached package

  1. If the download completes successfully, install the package with the following command:
    update install
    Note: The install command prompts for a reboot when it completes:
  2. After the reboot, allow sufficient time for the processes to load. If the message "Under construction" appears when you attempt to connect, the startup is not complete. After all processes are started, you can log in to the console.


If update install is hung or failed, run the following command, as the Support account, to verify that the update processes are running:

ps -elf | grep update | grep -v grep

If there are no update processes running, run the following command, and then restart the package installation:

update clean_lock