search cancel

Common Cynic errors

book

Article ID: 174442

calendar_today

Updated On:

Products

Endpoint Detection and Response Advanced Threat Protection Platform

Issue/Introduction

This table contains common Cynic errors and possible solutions.

Resolution

 


Error or Symptom
 
Solution

GET_FILE_FROM_SEPM during submit_to_sandbox command
-or-
'Get a File' requests from SEDR fail

Please review your SEPM Controller settings and verify that no passwords, hostnames or IPs have changed.
See: 'Get a File' requests from Advanced Threat Protection fail
Central manager logs contain errors around deserialization of a get_file_for_cynic command

Please update to SEDR 4.1.0, which contains a fix for this issue.
See: Central manager logs are showing errors around deserialization of a get_file_for_cynic command

UI Logging shows submit_to_sandbox command does not progress past status code "3: Started"
Please update from ATP 3.x to SEDR 4.0.0 or later.
If you are not able to upgrade immediately, please contact support to confirm and work around this issue.
See: UI Logging shows submit_to_sandbox command does not progress past status code "3: Started"
 


Targeted Attack Analytics service failed to get Cynic credentials
 

Please upgrade to Symantec Endpoint Detection and Response 4.0.0 or later.
See: Targeted Attack Analytics service failed to get Cynic credentials

Error: Cynic query failed
 

This issue can be resolved by reinstalling the ATP license to the ATP Manager.  Changing the Cynic Sandboxing to "Use United Kingdom regional instance only", then un-selecting it also works.
See: Cynic file submission failed
 
ERROR_REQUEST_TIMEOUT
Verify firewall/proxy are allowing traffic, for more information
See: Required firewall ports
 

Cannot Manually Submit Files to Cynic - Portal Reports License as Invalid
 

The current workaround is to create a new user with a different email address to log into the Cynic portal. Do not use an existing MSS or DeepSight account to access the service.
See: Cannot Manually Submit Files to Cynic - Portal Reports License as Invalid
 

Error: File size of "size" is over limit
 
Currently it is not possible to submit files to Cynic that are larger than 10MB.

When submitting files to Cynic from the Advanced Threat Protection appliance, you receive different results if the file is slightly changed to alter the hash
 

Due to unpredictability of live malware, there is no guarantee of consistent behavior. Many viruses, trojans and worms attempt various actions based on a number of different criteria. The main focus should be whether the malicious verdict of the file is accurate or not.

If you suspect a False Positive or Missed Detection from Cynic, please review this KB document for submitting the file to Symantec Security Response for analysis

See: When submitting files to Cynic from the Advanced Threat Protection appliance, you receive different results if the file is slightly changed to alter the hash