logo

Knowledge Base

Access official resources from Carbon Black experts

IMPORTANT ANNOUNCEMENT: On May 6, 2024, Carbon Black User eXchange (UeX) and Case Management will move to a new platform!
The Community will be in read-only mode starting April 19th, 7:00 AM PDT. Check out the blog post!
You will still be able to use the case portal to create and interact with your support cases until the transition, view more information here!

Cb Defense: VDF Versions Are Not Updating With Sensor 3.2

Cb Defense: VDF Versions Are Not Updating With Sensor 3.2

Environment

  • Cb Defense Web Console: All Versions

  • Cb Defense Sensor: Version 3.2.0.213

  • Microsoft Windows: All Supported Versions

 

Symptoms

  • Sensor upgraded to 3.2.0.213 from an earlier version
    • VDF versions are no longer updating
  • New install of 3.2.0.213 sensor
    • VDF versions do not update beyond initial signature pack download
  • Sensor Management shows old VDF versions
  • Using default update server or Local Mirror

 

Cause

Issue in 3.2.0.213 sensor

 

Resolution

  • 3.2.0.213 sensor has been removed from the product; New version containing a fix will be uploaded once available
  • If you haven't yet installed or updated to 3.2.0.213 sensor, hold off on doing that and use 3.1 sensor as the latest available version
  • If you have installed or updated to 3.2.0.213 sensor and signature updates are an important feature in your organization, roll back to sensor 3.1 until a fix is available
  • If you choose to stay on 3.2.0.213, consider enabling Submit unknown binaries for analysis (Cloud Analysis) and Delay Execute for Cloud Scan​ policy settings; You can also manually trigger a one-time signature update in one of the following ways:

 

Uninstall/Reinstall

  1. Uninstall sensor
  2. If sensor does not fully uninstall, use the sensor removal tool in Cb Defense: How to Uninstall Windows Sensor
  3. Reinstall sensor

 

Force Signature Update

  1. Place Sensor into Policy where local scanner is disabled

  2. Place Sensor in Bypass mode

  3. With Admin Privileges Delete

    C:\Program Files\Confer\scanner\Data_0\

    C:\Program Files\Confer\scanner\Data_1\

    C:\Program Files\Confer\scanner\tmp\

    C:\Program Files\Confer\scanner\idx\

  4. Run the following from an admin Command prompt from the C:\Program Files\Confer\scanner\ directory (allow time for this to complete, it has to download a full vdf package this will take a few minutes)

    upd.exe --no-config --quiet --no-dns-resolve --update-modules-list=VDF,AVE2 --key-dir=. --master-file=/idx/master.idx --product-file=/idx/savapi4lib-win64-en.info.gz --install-dir="C:\Program Files\Confer\Scanner\Data_0" --internet-srvs=http://updates.cdc.carbonblack.io/update

  5. From Admin Command Prompt run

    SC Stop CbDefense (wait a few seconds for the service to shut down then Run )

    SC Start CbDefense

  6. Verify CbDefense is up and running and checking into the console and reporting proper VDF version.

  7. Disable Bypass of the sensor.

 

Additional Notes

If you require further assistance, please open a Support case.

 

Related Content

CB Defense 3.2 Windows Sensor Signature Pack Update Issue

Cb Defense Sensor 3.2 Windows Release Notes

Cb Defense Sensor 3.1.0 Windows Release Notes

Cb Defense: Verify the Latest Local Scanner Signature Version

Cb Defense: How to Uninstall Windows Sensor

 

Internal reference: EA-12555

Labels (1)
Was this article helpful? Yes No
No ratings
Article Information
Author:
sdurney
Creation Date:
‎06-20-2018
Views:
2950
Contributors
logo

Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.