SEP for CWP installs in self-manage mode

Article ID: 208493

Products

Cloud Workload Protection

Issue/Introduction

SEP for CWP installs in self-managed mode on the agent.

 

Environment

SEP 14.3 RU1 (14.3.3384.1000)

CWP agent 6.8.1.207

Cause

1. This can happen when the server cannot reach the API gateway:

https://usea1.r3.securitycloud.symantec.com:443
(Symantec cloud API gateway that the agents use to upload their events to the Symantec cloud server.)

 

2. Another condition that can cause this problem to occur is rebooting the computer too early. 


Explanation: When installed via the primary batch file "InstallAgent.bat", the CWP/DCS component is installed first. When it finishes, it reports back to the batch file that installation is complete. However, the SEP component may still be installing silently in the background. If the computer is rebooted immediately, that process is interrupted and does not resume after the reboot.

 

3. The version of PowerShell on the instance is older than 3.0. CWP needs at least PowerShell 3.0 to enroll in the cloud.

 

4. CMD is unable to run PowerShell and shows the error: "'powershell' is not recognized as an internal or external command, operable program or batch file."

Resolution

1. (for cause #1)

  1. Check the firewall rules to ensure enrollment is not being blocked. Review the firewall requirements: https://techdocs.broadcom.com/us/en/symantec-security-software/endpoint-security-and-management/cloud-workload-protection/1-0/Getting_Started_1/firewall-requirements-in-v121465361-d187e8066.html
  2. Delete the CAFStorage.ini file (C:\Program Files (x86)\Symantec\Data Center Security Server\Agent\Common Agent Framework\CAFStorage.ini).
  3. Restart the CAF service to trigger the CAF agent enrollment.
  4. Check whether the CAFStorage.ini file was recreated in the directory.
  5. Check in the CWP portal whether the agent status is reported as 'installed'.


2. (for cause #2)

  1. Uninstall the SEP component "Symantec Endpoint Protection Cloud" via Control Panel.
  2. Uninstall the "Cloud Workload Protection" component.
  3. Restart the computer.
  4. Install the agent components again via "InstallAgent.bat". When the batch process exits with "########### End of Installation Script ############", WAIT at least 5 minutes.
  5. Reboot the machine.

3. (for cause #3)

     a. Update PowerShell to version 3.0 or later.

4. (for cause #4)

     a. Add the environment variable that allows CMD to run PowerShell. A reboot may be necessary for the change to take effect.
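
To narrow down which of causes #1, #3 and #4 applies before changing anything, the checks can be scripted. This is an added example, not a Broadcom-supplied script; the helper name Test-TcpPort is hypothetical, and the gateway host and CAFStorage.ini path are the ones given in this article.

```powershell
# Added diagnostic sketch; run it on the affected instance.
# Uses only PowerShell 2.0-compatible calls so it also runs where cause #3 applies.
$GatewayHost = 'usea1.r3.securitycloud.symantec.com'   # API gateway named in this article
$GatewayPort = 443
$CafIni = 'C:\Program Files (x86)\Symantec\Data Center Security Server\Agent\Common Agent Framework\CAFStorage.ini'

# Hypothetical helper: direct TCP connect with a timeout.
# It does not test a proxy path or TLS inspection, only that the port is reachable.
function Test-TcpPort {
    param([string]$HostName, [int]$Port, [int]$TimeoutMs = 5000)
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $async = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $async.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) { return $false }
        $client.EndConnect($async)
        return $client.Connected
    } catch {
        return $false          # DNS failure, refused or reset connection
    } finally {
        $client.Close()
    }
}

function New-CheckResult([string]$Check, [bool]$Passed) {
    $r = New-Object PSObject
    $r | Add-Member NoteProperty Check  $Check
    $r | Add-Member NoteProperty Passed $Passed
    return $r
}

$results = @()

# Cause #1: the server cannot reach the API gateway.
$results += New-CheckResult 'Cause #1: TCP 443 to API gateway' (Test-TcpPort $GatewayHost $GatewayPort)

# Cause #3: PowerShell must be at least 3.0 for cloud enrollment.
$results += New-CheckResult 'Cause #3: PowerShell >= 3.0' ($PSVersionTable.PSVersion.Major -ge 3)

# Cause #4: CMD must resolve "powershell" (cmd inherits this session's environment).
cmd.exe /c "where powershell.exe >nul 2>&1"
$results += New-CheckResult 'Cause #4: CMD can find powershell' ($LASTEXITCODE -eq 0)

# Enrollment state: the file resolution 1 expects to be recreated after the CAF restart.
$results += New-CheckResult 'CAFStorage.ini present' (Test-Path -LiteralPath $CafIni)

$results | Format-Table -AutoSize
```

Cause #2 (an early reboot interrupting the SEP install) leaves no state this script can test, so a clean result here points to the reinstall procedure in resolution 2.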