CB Defense: Local Mirror Update Servers Not Updating Since August 1 (Windows)

Environment

  • CB Defense PSC Console: All Versions
  • CB Defense Local Mirror Server: Version 2.2 and Lower
    • Microsoft Windows: All Supported Versions
  • CB Defense PSC Sensor: 2.0.x.x and Higher
    • Microsoft Windows: All Supported Versions

Symptoms

  • The Local Mirror server has not been able to update Signature pack versions since August 1, 2019
  • Tests to reach CB Update Servers fail
  • Most recent date modified on master.idx file (C:\inetpub\wwwroot\<LocalMirrorFolder>\idx\) is August 1, 2019

Cause

This is related to a known issue with Signature Pack updates.

Resolution

  1. Ensure traffic to the new Signature Update Server URL is allowed through proxies and firewalls without packet inspection (TCP/80 or TCP/443)
    updates2.cdc.carbonblack.io
  2. Disable Mirror Server
    1. Turn off the automated scheduling of `do_update.bat` (Windows Task Scheduler > Select Task > End and Disable)
    2. Stop IIS Website
      1. Open IIS Manager
      2. Expand Sites
      3. Right-click Site Name > Manage Website > Stop
  3. Update Mirror Server
    1. Download the latest mirror server package for Windows from CB Defense: Local Mirror Server for Signature Updates
    2. Extract the zip file and replace the matching files in the IIS directory with zip file contents
      C:\inetpub\wwwroot\<LocalMirrorFolder>
    3. Open do_update.bat and set 'outdir' to the path above (If it is desired to use SSL, use do_update_ssl.bat)
      SET outdir=C:\inetpub\wwwroot\<LocalMirrorFolder>
    4. Turn on the automated scheduling of `do_update.bat` (Windows Task Scheduler > Select Task > Enable and Run)
    5. If desired, SSL communications between the Local Mirror and CB update servers can be enabled by using `do_update_ssl.bat` instead of `do_update.bat`
    6. Verify that updates occurred in Local Mirror Server directory by inspecting Date modified
      C:\inetpub\wwwroot\<LocalMirrorFolder>\idx\master.idx
  4. Download the latest Signature pack (20180816 or higher) as described in CB Defense: How to Download the AV Signature Pack
  5. Deploy the new pack to all endpoints using your preferred systems management application: CB Defense: How to Silently Install the AV Signature Pack
    NOTE: If doing an interactive installation of the Signature Pack, you may receive a "Failed to notify signature pack ready, error 5" message, which is safe to ignore. No error is displayed or logged during a silent installation.
  6. Re-enable Local Mirror by starting IIS Website
    1. Open IIS Manager
    2. Expand Sites
    3. Right-click Site Name > Manage Website > Start
  7. Verify that signatures are updating on Sensors: CB Defense: How to verify AV Signatures are updating
  8. If signature updates have not resumed 24 hours after applying the solution, please open a support case
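
The checks from the resolution above (reachability of the new update host, the Date modified of master.idx, and the state of the scheduled task) can be run together. This is an added example, not Carbon Black's tooling; the folder name, task name and 24-hour age threshold are assumptions to replace with your own values.

```powershell
# Added example: post-fix health check for a Local Mirror server.
param(
    # Assumption: stands in for the article's <LocalMirrorFolder>.
    [string]$MirrorRoot = 'C:\inetpub\wwwroot\LocalMirrorFolder',
    [string]$UpdateHost = 'updates2.cdc.carbonblack.io',
    # Assumption: name under which do_update.bat is registered in Task Scheduler.
    [string]$TaskName   = 'CB Local Mirror Update',
    # Assumption: staleness threshold; the article only says to inspect Date modified.
    [int]$MaxAgeHours   = 24
)

$findings = [System.Collections.Generic.List[string]]::new()

# Step 1: the update host must be reachable on TCP/80 or TCP/443.
# A direct TCP test does not exercise an explicit proxy; test through it separately.
$reachable = foreach ($port in 80, 443) {
    $r = Test-NetConnection -ComputerName $UpdateHost -Port $port -WarningAction SilentlyContinue
    [pscustomobject]@{ Port = $port; Open = $r.TcpTestSucceeded }
}
if (-not ($reachable.Open -contains $true)) {
    $findings.Add("No direct TCP path to $UpdateHost on 80 or 443")
}

# Step 3.6: master.idx must exist and carry a recent Date modified.
$idx     = Join-Path $MirrorRoot 'idx\master.idx'
$idxItem = Get-Item -LiteralPath $idx -ErrorAction SilentlyContinue
if (-not $idxItem) {
    $findings.Add("Missing $idx")
} elseif ($idxItem.LastWriteTime -lt (Get-Date).AddHours(-$MaxAgeHours)) {
    $findings.Add("master.idx last modified $($idxItem.LastWriteTime), older than $MaxAgeHours h")
}

# Steps 2.1 / 3.4: the task disabled for the upgrade must be enabled again.
$task = Get-ScheduledTask -TaskName $TaskName -ErrorAction SilentlyContinue
if (-not $task) {
    $findings.Add("Scheduled task '$TaskName' not found")
} elseif ($task.State -eq 'Disabled') {
    $findings.Add("Scheduled task '$TaskName' is still disabled")
} elseif (($task | Get-ScheduledTaskInfo).LastTaskResult -ne 0) {
    # Non-zero also covers a task that has not run yet since being re-enabled.
    $findings.Add("Last run of '$TaskName' did not return 0")
}

[pscustomobject]@{
    Reachability = $reachable
    MasterIdx    = $idxItem.LastWriteTime
    Findings     = $findings
    Healthy      = ($findings.Count -eq 0)
}
```

Run it on the mirror server after re-enabling the task; a master.idx date still stuck at August 1, 2019 shows up in `Findings`.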

Article Information
Creation Date: 09-09-2020