• Troubleshooting signature packs reporting out of date issues
• Signatures are displaying red triangle status on checking in sensors

• Endpoint Standard Console: All Supported Versions
• Endpoint Standard Sensor: All Supported Versions

Troubleshooting from the Console

1. Verify the device(s) are actively connecting to the backend by confirming the "Last Check-in" time on the inventory page.
2. Expand the "Signature Status" Filter".
   • Note how many devices are "Up to date" vs "Out of Date"
3. Note that anything within 7 days is not of high concern, so they can be filtered out:
   1. Select the filter "Out of Date"
   2. Search for devices that have checked in within 7 days
4. Are there any differences between the devices that are "out of date" vs "Up to date"?
   • Note if this is a global issue or related to endpoints on a specific network, operating system, or policy
5. Navigate to Enforce > Policies > <PolicyName> Local Scan tab
   1. Confirm "On-Access File Scan Mode" is NOT disabled 
   2. Confirm "Allow Signature Updates" is enabled
   3. Confirm the update server "https://updates2.cdc.carbonblack.io/update2" has been added
      
      1. Note this requires sensor version 3.3.x.x and above
   1. For more frequent update attempts set 'Frequency' to 2 hours/'Randomization Window' to 1 hour

Troubleshooting from the Sensor

1. Test the connect to the Signature Update URL
   • Confirm firewall exceptions are in place and SSL Inspection is not occurring
2. If the issue still occurs, collect sensor logs and contact support

• Enterprise EDR sensors won't have Signature Packs without Endpoint Standard as the Local Scanner is an ES feature
• The latest VDF versions can be determined using this process
• If "On-Access File Scan Mode" is disabled then the "Signature Status" will not update even if the sensor is downloading the signature packs