Integrated Cyber Defense Exchange SEPM collector error after upgrade to 1.4.1

Article ID: 198256

Products

Integrated Cyber Defense Exchange

Issue/Introduction

Some time after upgrading the Integrated Cyber Defense Exchange (ICDx) product to 1.4.1, the following error may occur:

Database query 0060_AgentSystemLogQuery failed. Incorrect syntax near '/'.

Cause

There is a known issue with the SEPM collector shipped with the 1.4.1 release.

Environment

Release : 1.4.1

Component : SEPM collector

Resolution

To resolve this issue, you need an updated Symantec Endpoint Protection Manager (SEPM) collector preview file to replace the problematic collector. The file, sepm_col_dx-3.7.20-796.tar.gz, is attached to the bottom of this article.

  1. To stop any running SEPM collectors, in the ICDx web interface, do the following:
    • On the ICDx navigation bar, click Configuration.
    • Next to any running SEPM collectors, under Options, click More > Stop.
  2. SSH to the ICDx server.
  3. Start a shell as the icdx user that was set during installation.
    • The default user is: icdx
    • For example: sudo -su icdx
  4. Extract the collector archive file to the $SYMC_HOME directory set during installation.
    • The default directory is: /opt/symantec/icdx
    • For example: tar -xzf sepm_col_dx-<version>.tar.gz -C $SYMC_HOME
  5. Install the collector using the ICDx launcher_dx command.
    • For example:
    • $SYMC_HOME/launcher_dx-<version>/bin/launcher_dx -c $SYMC_HOME/sepm_col_dx-<version>/installer.json
  6. To update the currently working collector, you need to update the Symantec Endpoint Protection Manager configurations.
    • On the ICDx navigation bar, click Configuration.
    • Next to any SEPM collectors, click More > Edit.
    • In the configuration edit screen, toggle the Startup Type to something different, so that the Save button becomes enabled.
    • With the Save button enabled, toggle the Startup Type back to its previous selection so no actual changes are made to the configuration.
    • Click Save to update the collector with the newly installed package.
    • Repeat step 6 for any remaining SEPM collectors.
  7. To start any SEPM collectors, in the ICDx web interface, do the following: 
    • On the ICDx navigation bar, click Configuration.
    • Next to any SEPM collectors, under Options, click More > Start.
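
A pre-flight check that can be run before the extraction in step 4, given here as an added example (not part of the original article or of the ICDx tooling). The function name check_collector_archive and its arguments are hypothetical, and it assumes the archive unpacks into a single sepm_col_dx-<version>/ directory containing installer.json, as the paths in steps 4 and 5 imply.

```bash
#!/bin/sh
# Added example (not vendor code): pre-flight check for the collector archive.
# check_collector_archive ARCHIVE TOPDIR   (hypothetical name and arguments)
#   ARCHIVE  path to the downloaded sepm_col_dx-<version>.tar.gz
#   TOPDIR   directory the archive should unpack into, e.g. sepm_col_dx-<version>
# Returns 0 only if every member sits under TOPDIR/ and TOPDIR/installer.json
# (the file step 5 passes to launcher_dx -c) is present.
# Assumption: the archive holds exactly one top-level directory, TOPDIR.
check_collector_archive() (
    archive="$1"
    top="$2"
    [ -n "$top" ] || { echo "usage: check_collector_archive ARCHIVE TOPDIR" >&2; exit 1; }
    [ -r "$archive" ] || { echo "cannot read: $archive" >&2; exit 1; }

    # List members without extracting; a corrupt or non-gzip file fails here.
    members="$(tar -tzf "$archive")" || { echo "not a valid .tar.gz: $archive" >&2; exit 1; }

    found_installer=no
    while IFS= read -r entry; do
        entry="${entry#./}"            # tolerate a leading ./ on member names
        case "$entry" in
            /*|..|../*|*/../*|*/..)
                echo "unsafe member path: $entry" >&2; exit 1 ;;
            "$top/installer.json")
                found_installer=yes ;;
            "$top"|"$top"/*)
                ;;                     # inside the expected directory
            *)
                echo "member outside $top/: $entry" >&2; exit 1 ;;
        esac
    done <<EOF
$members
EOF

    [ "$found_installer" = yes ] || { echo "no $top/installer.json in archive" >&2; exit 1; }
    echo "OK: $archive unpacks into $top/ only; continue with steps 4 and 5"
)
```

Run it as the icdx user, passing the directory name that matches the archive's version, and proceed with the tar -xzf command in step 4 only if it returns 0.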

Additional Information

The sepm_col_dx-3.7.20-796.tar.gz file is a temporary preview version of the collector that will be released in the next Integrated Cyber Defense Exchange product version release. This file is not meant to take the place of a full product version update when it is available.

Attachments

1598557333749__sepm_col_dx-3.7.20-796.tar.gz