Endpoint Standard: Unable to update signatures in proxy environment
search cancel

Endpoint Standard: Unable to update signatures in proxy environment

book

Article ID: 288654

calendar_today

Updated On:

Products

Carbon Black Cloud Endpoint Standard (formerly Cb Defense)

Issue/Introduction

  • The issue is observed in environments with proxy
  • Error:
confer.log
============
data\swreporter\90.262.200\em004_64.dll] StallId[27592] Pid[7128-132808189232590275] Tid[1f08] SignatureState[0x00000023] Publisher[ESET, spol. s r.o.] Issuer[Symantec Class 3 Extended Validation Code Signing CA - G2] CertError[0x00000000]
11/06/21 12:31:42.942: b84 INFO Av.Avt.UpdateServers.Get: Use offsite - , proxy 0, timeout 10000 ms
11/06/21 12:31:42.942: b84 INFO Av.Avt.UpdateServers.Get: No server available
11/06/21 12:31:42.942: b84 INFO Av.Avt.Manager: No update server available, ignore update
11/06/21 12:31:42.942: b84 WARNING Av.Avt.Manager: Could not queue the signature update at this time. Applying backoff and retry logic
  
upd.log:
========
2021/11/06 23:21:05(1170) -------------------------------------------------------------------------------------
2021/11/06 23:21:05(1170) version is 1.0.1.1
2021/11/06 23:21:05(1170) Initializing AV library
2021/11/06 23:21:05(1170) Param 0 C:\Program Files\Confer\scanner\upd.exe
2021/11/06 23:21:05(1170) Param 1 --no-config
2021/11/06 23:21:05(1170) Param 2 --quiet
2021/11/06 23:21:05(1170) Param 3 --no-dns-resolve
2021/11/06 23:21:05(1170) Param 4 --update-modules-list=VDF,AVE2
2021/11/06 23:21:05(1170) Param 5 --key-dir=.
2021/11/06 23:21:05(1170) Param 6 --master-file=/idx/master.idx
2021/11/06 23:21:05(1170) Param 7 --product-file=/idx/savapi4lib-win64-en.info.gz
2021/11/06 23:21:05(1170) Param 8 --install-dir=C:\Program Files\Confer\scanner\Data_0
2021/11/06 23:21:05(1170) Param 9 --internet-srvs=https://updates2.cdc.carbonblack.io/update2
2021/11/06 23:21:05(1170) Param 10 --proxy-id=OdASnqzUkPvbq6eWvY4YECyoFBpjEfflBGrHouFDXOQ=
2021/11/06 23:21:05(1170) Update use proxy --proxy-host=192.168.1.155:8080 0
2021/11/06 23:21:16(1170) Callback/Error: No other server, update aborted
2021/11/06 23:21:16(1170) Failed to call check for update: 48
2021/11/06 23:21:16(1170) Keeping intermedia vdf files...
2021/11/06 23:21:16(1170) Update finished with code 2

 

Environment

  • Endpoint Standard: 3.6.0.2076+ 
  • Carbon Black Cloud: All supported versions
  • Microsoft Windows: All supported versions

Cause

 Updater fails to update via proxy for hosts because it is unable to perform a DNS resolve.

Resolution

  • The issue is tracked under DSEN-15438 & will be fixed in some version of 3.8 for which there's no timeline available yet.
  • Workaround:
1. Manually run the upd.exe command (if done locally, it will require the system to be placed into bypass) AND the settings will NOT persist. 
C:\Program Files\Confer\scanner\upd.exe --no-config --quiet --update-modules-list=VDF,AVE2 --key-dir=. --master-file=/idx/master.idx --product-file=/idx/savapi4lib-win64-en.info.gz --install-dir="C:\Program Files\Confer\scanner\Data_0" --internet-srvs=http://updates2.cdc.carbonblack.io/update2 --proxy-host=*Insert Proxy Info Here*
2. If the above doesn't work ,then it would be required to uninstall / reinstall the sensor specifying their proxy information in the install string.
     

Additional Information

The release notes will be updated with the fix for DSEN-15438 once the version is released
Powered by Wolken Software