Environment

• CB Defense PSC Console: All Versions
• CB Defense Local Mirror Server: Version 2.2 and Lower
  • Microsoft Windows: All Supported Versions
• CB Defense PSC Sensor: 2.0.x.x and Higher
  • Microsoft Windows: All Supported Versions

Symptoms

• The Local Mirror server has not been able to update Signature pack versions since August 1, 2019
• Tests to reach CB Update Servers fail
• Most recent date modified on master.idx file (C:\inetpub\wwwroot\<LocalMirrorFolder>\idx\) is August 1, 2019

Cause

Resolution

1. Ensure traffic to the new Signature Update Server URL is allowed through proxies and firewalls without packet inspection (TCP/80 or TCP/443)

   updates2.cdc.carbonblack.io

2. Disable Mirror Server
   1. Turn off the automated scheduling of `do_update.bat` (Windows Task Scheduler > Select Task > End and Disable)
   2. Stop IIS Website
      1. Open IIS Manager
      2. Expand Sites
      3. Right-click Site Name > Manage Website > Stop
3. Update Mirror Server
   1. Download the latest mirror server package for Windows from CB Defense: Local Mirror Server for Signature Updates
   2. Extract the zip file and replace the matching files in the IIS directory with zip file contents

      C:\inetpub\wwwroot\<LocalMirrorFolder>

   3. Open do_update.bat and set 'outdir' to the path above (If it is desired to use SSL, use do_update_ssl.bat)

      SET outdir=C:\inetpub\wwwroot\<LocalMirrorFolder>

   4. Turn on the automated scheduling of `do_update.bat` (Windows Task Scheduler > Select Task > Enable and Run)
   5. If desired, SSL communications between the Local Mirror and CB update servers can be enabled by using `do_update_ssl.bat` instead of `do_update.bat`
   6. Verify that updates occurred in Local Mirror Server directory by inspecting Date modified

      C:\inetpub\wwwroot\<LocalMirrorFolder>\idx\master.idx

4. Download the latest Signature pack (20180816 or higher) as described in CB Defense: How to Download the AV Signature Pack
5. Deploy the new pack to all endpoints using your preferred systems management application: CB Defense: How to Silently Install the AV Signature Pack

6. Re-enable Local Mirror by starting IIS Website
   1. Open IIS Manager
   2. Expand Sites
   3. Right-click Site Name > Manage Website > Start
7. Verify that signatures are updating on Sensors: CB Defense: How to verify AV Signatures are updating
8. If signature updates have not resumed 24 hours after applying the solution, please open a support case

Additional Notes

• Be sure to apply step 5 to all master/golden images used to deploy non-persistent VDIs or physical machines
• The latest Signature pack is not compatible with Sensor versions 3.0.x.x; Please upgrade to 3.1.0.100 or higher.
  • We recommend using the latest Sensor version available via Endpoints > Sensor Options > Download Sensor Kits in PSC Console. 
• If a portion of your environment is not using Local Mirror Server and instead relies on Carbon Black Signature Update Server, please see Endpoint Standard: Signature Pack Version Has Not Updated Since August 1, 2019 for detailed steps on how to resolve the issue for those Sensors.
• An alternative solution is also available: CB Defense: How to bypass Local Mirror Server temporarily to resolve August 2019 signature update is...

Related Content