Endpoint Standard: Signature Updates Fail With Default Settings
search cancel

Endpoint Standard: Signature Updates Fail With Default Settings


Article ID: 288876


Updated On:


Carbon Black Cloud Endpoint Standard (formerly Cb Defense)


  • Signature definitions are out of date as reported in the Console
  • Signature definitions may never update or only update periodically
  • The URL is open through proxy and/or firewall
  • The upd.log may include the following error
    Param 9 --internet-srvs=http://updates2.cdc.carbonblack.io/update2
    Callback: No other server, update aborted
    Failed to call check for update: 48
    Update finished with code 2
  • The confer.log may show the following errors
    Av.Avt.UpdateServers.GetServerType: on site
    Av.Avt.UpdateServers.DoCheck: Found http://updates2.cdc.carbonblack.io/update2, time 0.XXXXXXXX, proxy off
    Av.Avt.UpdateServers.Get: on site - http://updates2.cdc.carbonblack.io/update2,, proxy 0, local 0, master 0
    Av.Avt.Signature: Update started, it may take a while
    Av.Avt.Signature: Failed to update, error 2
  • Pcaps may show the http session initializing successfully and the Sensor successfully downloading the master.idx file and other .info.gz files 
  • The session will end without error and close out 120 seconds later


  • Carbon Black Cloud (formerly known as CB Defense PSC)Console: 0.45 and higher
  • Endpoint Standard(formerly known as CB Defense): 3.3.x.x and higher
  • Microsoft Windows: All supported versions
  • Local Scanner installled and enabled by policy to use CB servers for updates


  • There is likely something in the perimeter firewall or proxy configuration affecting downloads through http sessions
  • The Local Scanner settings default to http sessions for both onsite and offsite update servers


Configure the Local Scanner policy to use https for Signature updates
  1. Select Enforce > Policies
  2. Select the affected policy
  3. Select the Local Scanner tab
  4. Click the Add button for "UPDATE SERVERS FOR INTERNAL DEVICES"
  5. Use the same URL and change the protocol to https
  6. Either mark as the Preferred Server by checking the Preferred Servers box or deleting the entry for http
  7. Save policy changes (It may be helpful to update the Sensor UI message so policy change can be confirmed)
  8. Either run update manually with RepCLI or allow the Sensor to update on schedule and monitor results

Additional Information

  • Sensor versions previous to 3.3.x.x will not be able to update signatures over an https session
  • The settings for offsite update servers can also be changed to https if desired
  • If issues persist and no evidence of traffic blocks is present, please open a support case for assistance