
Integrated Cyber Defense Exchange SEPM collector error after upgrade to 1.4.1


Article ID: 198256


Updated On:

Products

Integrated Cyber Defense Exchange

Issue/Introduction

Some time after upgrading the Integrated Cyber Defense Exchange (ICDx) product to 1.4.1, the following error may occur:

Database query 0060_AgentSystemLogQuery failed. Incorrect syntax near '/'.

 

Environment

Release : 1.4.1

Component : SEPM collector

Cause

There is a known issue with the SEPM collector shipped with the 1.4.1 release.

Resolution

To resolve this issue, you will need an updated Symantec Endpoint Protection Manager (SEPM) collector preview file to replace the problematic collector. The file, sepm_col_dx-3.7.20-796.tar.gz, is attached to the bottom of this article.

  1. To stop any running SEPM collectors, in the ICDx web interface, do the following:
    • On the ICDx navigation bar, click Configuration.
    • Next to any running SEPM collectors, under Options, click More > Stop.
  2. SSH to the ICDx server.
  3. Start a shell as the icdx user that was set during installation.
    • The default user is: icdx
    • For example: sudo -su icdx
  4. Extract the collector archive file to the $SYMC_HOME directory set during installation.
    • The default directory is: /opt/symantec/icdx
    • For example: tar -xzf sepm_col_dx-<version>.tar.gz -C $SYMC_HOME
  5. Install the collector using the ICDx launcher_dx command.
    • For example:
    • $SYMC_HOME/launcher_dx-<version>/bin/launcher_dx -c $SYMC_HOME/sepm_col_dx-<version>/installer.json
  6. To update the currently working collector, you need to update the Symantec Endpoint Protection Manager configurations.
    • On the ICDx navigation bar, click Configuration.
    • Next to any SEPM collectors, click More > Edit.
    • In the configuration edit screen, toggle the Startup Type to something different, so that the Save button becomes enabled.
    • With the Save button enabled, toggle the Startup Type back to its previous selection so no actual changes are made to the configuration.
    • Click Save to update the collector with the newly installed package.
    • Repeat step 6 for any remaining SEPM collectors.
  7. To start any SEPM collectors, in the ICDx web interface, do the following: 
    • On the ICDx navigation bar, click Configuration.
    • Next to any SEPM collectors, under Options, click More > Start.
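
Before extracting in step 4, the downloaded archive can be checked so that nothing lands outside the expected collector directory under $SYMC_HOME. This is an added example, not part of the original article or the product; the function name check_collector_archive is hypothetical, and it assumes the archive unpacks into a single top-level directory named after the file that contains installer.json, as the launcher path in step 5 implies.

```shell
#!/bin/sh
# Added example: pre-extraction check for the collector archive (step 4).
# Assumption: the archive holds one top-level directory, sepm_col_dx-<version>/,
# with installer.json inside it.
# Usage: check_collector_archive <file>.tar.gz && tar -xzf <file>.tar.gz -C "$SYMC_HOME"

check_collector_archive() {
    local archive top members m
    archive="$1"
    top="$(basename "$archive" .tar.gz)"
    top="${top##*__}"   # drop a download prefix such as "1598557333749__"

    # List members without extracting; a truncated or non-gzip file fails here.
    members="$(tar -tzf "$archive" 2>/dev/null)" || {
        echo "unreadable archive: $archive" >&2; return 2; }

    while IFS= read -r m; do
        # Reject absolute paths and parent-directory traversal.
        case "$m" in
            /*|../*|*/../*|*/..) echo "unsafe path: $m" >&2; return 3 ;;
        esac
        # Every member must live under the expected collector directory.
        case "$m" in
            "$top"|"$top"/*) ;;
            *) echo "member outside $top/: $m" >&2; return 3 ;;
        esac
    done <<EOF
$members
EOF

    # The launcher in step 5 is pointed at this file, so it must be present.
    printf '%s\n' "$members" | grep -qxF "$top/installer.json" || {
        echo "missing $top/installer.json" >&2; return 4; }
    return 0
}
```

Return codes: 0 means the layout matches, 2 an unreadable archive, 3 a member outside the collector directory, 4 a missing installer.json.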

Additional Information

The sepm_col_dx-3.7.20-796.tar.gz file is a temporary preview version of the collector that will be released in the next Integrated Cyber Defense Exchange product version release. This file is not meant to take the place of a full product version update when it is available.

Attachments

1598557333749__sepm_col_dx-3.7.20-796.tar.gz