Some time after upgrading the Integrated Cyber Defense Exchange (ICDx) product to 1.4.1, the following error may occur:

Database query 0060_AgentSystemLogQuery failed. Incorrect syntax near '/'.

There is a known issue with the SEPM collector shipped with 1.4.1 release.

Release : 1.4.1

Component : SEPM collector

To resolve this issue you will need an updated Symantec Endpoint Portection Manager (SEPM) collector preview file to replace the problematic collector. The file, sepm_col_dx-3.7.20-796.tar.gz, is attached to the bottom of this article.

1. To stop any running SEPM collectors, in the ICDx web interface, do the following:
   • On the ICDx navigation bar, click Configuration.
   • Next to any running SEPM collectors, under Options, click More > Stop.
2. SSH to the ICDx server.
3. Start a shell as the icdx user that was set during installation.
   • The default user is: icdx
   • For example: sudo -su icdx
4. Extract the collector archive file to the $SYMC_HOME directory set during installation.
   • The default directory is: /opt/symantec/icdx
   • For example: tar -xzf sepm_col_dx-<version>.tar.gz -C $SYMC_HOME
5. Install the collector using the ICDx launcher_dx command.
   • For example:
   • $SYMC_HOME/launcher_dx-<version>/bin/launcher_dx -c $SYMC_HOME/sepm_col_dx-<version>/installer.json
6. To update the currently working collector, you need to update the Symantec Endpoint Protection Manager configurations.
   • On the ICDx navigation bar, click Configuration.
   • Next to any SEPM collectors, click More > Edit.
   • In the configuration edit screen, toggle the Startup Type to something different, so that the Save button becomes enabled.
   • With the save button enabled, toggle the Startup Type back to its previous selection so no actual changes are made to the configuration.
   • Click Save to update the collector with the newly installed package.
   • Repeat step 6 for any remaining SEPM collectors.
7. To start any SEPM collectors, in the ICDx web interface, do the following: 
   • On the ICDx navigation bar, click Configuration.
   • Next to any SEPM collectors, under Options, click More > Start.

The sepm_col_dx-3.7.20-796.tar.gz file is a temporary preview version of the collector that will be released in the next Integrated Cyber Defense Exchange product version release. This file is not meant to take the place of a full product version update when it is available.