Common Cynic errors
search cancel

Common Cynic errors

book

Article ID: 174442

calendar_today

Updated On:

Products

Endpoint Detection and Response Advanced Threat Protection Platform

Issue/Introduction

This table contains common Cynic errors and possible solutions.

Resolution

 


Error or Symptom
 		 Solution

GET_FILE_FROM_SEPM during submit_to_sandbox command
-or-
'Get a File' requests from SEDR fail

 Please review your SEPM Controller settings and verify that no passwords, hostnames or IPs have changed.
See: 'Get a File' requests from Advanced Threat Protection fail
Central manager logs contain errors around deserialization of a get_file_for_cynic command

Please update to SEDR 4.1.0, which contains a fix for this issue.
See: Central manager logs are showing errors around deserialization of a get_file_for_cynic command
UI Logging shows submit_to_sandbox command does not progress past status code "3: Started"
Please contact Broadcom Support to troubleshoot this issue.


Targeted Attack Analytics service failed to get Cynic credentials
 

 Please contact Broadcom Support to troubleshoot this issue.

Error: Cynic query failed
 
This issue can be resolved by reinstalling the ATP license to the ATP Manager.  Changing the Cynic Sandboxing to "Use United Kingdom regional instance only", then un-selecting it also works.
See: Cynic file submission failed
 
ERROR_REQUEST_TIMEOUT
Verify firewall/proxy are allowing traffic, for more information
See: Required firewall ports
 
Error: File size of "size" is over limit Currently it is not possible to submit files to Cynic that are larger than 10MB.

When submitting files to Cynic from the Advanced Threat Protection appliance, you receive different results if the file is slightly changed to alter the hash
 		 Due to unpredictability of live malware, there is no guarantee of consistent behavior. Many viruses, trojans and worms attempt various actions based on a number of different criteria. The main focus should be whether the malicious verdict of the file is accurate or not.

If you suspect a False Positive or Missed Detection from Cynic, please review this KB document for submitting the file to Symantec Security Response for analysis

See: When submitting files to Cynic from the Advanced Threat Protection appliance, you receive different results if the file is slightly changed to alter the hash

 

Powered by Wolken Software