Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Endpoint Standard: How to Update Virus Definition Files With RepCLI

Endpoint Standard: How to Update Virus Definition Files With RepCLI

Environment

  • Carbon Black Cloud Sensor: 3.3 and Higher
  • Microsoft Windows: All Supported Versions

Objective

Update Virus Definition Files using the RepCLI utility.

Resolution

Sensor Version 3.6 and Higher
  1. Launch Command Prompt.
  2. Execute the following command to force a signature update
    "C:\Program Files\Confer\RepCLI.exe" localscanner updatesignature -wait
    
    Success Message: The signature update has finished
    Failure Message: Error: The signature update has failed, see upd.log and confer.log for more details. Command failed
 
Sensor Version 3.5 and Lower
  1. Log into the machine with a user account that matches the AD User or Group SID configured at the time of Sensor install.
    Note: For 3.5 Sensors, Step 1 can be ignored as RepCLI Authentication is not required to run the UpdateAvSignature command.
  2. Launch Command Prompt.
  3. Execute the following command to force a signature update.
    "C:\Program Files\Confer\RepCLI.exe" UpdateAvSignature -wait
    
    Success Message: The request of AV signature update has been requested
    Failure Message: Error: Failed to trigger the signature update, see confer.log for more details Command failed

Additional Notes

  • As of the 3.5 Sensor, command line signature updates no longer require RepCLI Authentication and can be run as a script or scheduled task.
  • Virus Definition Files are required only when "On-access file scan mode" is set to Normal or Aggressive.
  • If the "Allow signature updates" Policy setting is Disabled, signature updates via RepCLI will fail.

Related Content


Was this article helpful? Yes No
80% helpful (4/5)
Article Information
Author:
Creation Date:
‎11-27-2018
Views:
20846
Contributors