Environment
- CB Defense PSC Console: All Versions
- CB Defense Local Mirror Server: Version 2.2 and Lower
- Microsoft Windows: All Supported Versions
- CB Defense PSC Sensor: 2.0.x.x and Higher
- Microsoft Windows: All Supported Versions
Symptoms
- The Local Mirror server has not been able to update Signature pack versions since August 1, 2019
- Tests to reach CB Update Servers fail
- Most recent date modified on master.idx file (C:\inetpub\wwwroot\<LocalMirrorFolder>\idx\) is August 1, 2019
Cause
This is related to a
known issue with Signature Pack updates
Resolution
- Ensure traffic to the new Signature Update Server URL is allowed through proxies and firewalls without packet inspection (TCP/80 or TCP/443)
updates2.cdc.carbonblack.io
- Disable Mirror Server
- Turn off the automated scheduling of `do_update.bat` (Windows Task Scheduler > Select Task > End and Disable)
- Stop IIS Website
- Open IIS Manager
- Expand Sites
- Right-click Site Name > Manage Website > Stop
- Update Mirror Server
- Download the latest mirror server package for Windows from CB Defense: Local Mirror Server for Signature Updates
- Extract the zip file and replace the matching files in the IIS directory with zip file contents
C:\inetpub\wwwroot\<LocalMirrorFolder>
- Open do_update.bat and set 'outdir' to the path above (If it is desired to use SSL, use do_update_ssl.bat)
SET outdir=C:\inetpub\wwwroot\<LocalMirrorFolder>
- Turn on the automated scheduling of `do_update.bat` (Windows Task Scheduler > Select Task > Enable and Run)
- If desired, SSL communications between the Local Mirror and CB update servers can be enabled by using `do_update_ssl.bat` instead of `do_update.bat`
- Verify that updates occurred in Local Mirror Server directory by inspecting Date modified
C:\inetpub\wwwroot\<LocalMirrorFolder>\idx\master.idx
- Download the latest Signature pack (20180816 or higher) as described in CB Defense: How to Download the AV Signature Pack
- Deploy the new pack to all endpoints using your preferred systems management application: CB Defense: How to Silently Install the AV Signature Pack
NOTE: If doing an interactive installation of the Signature Pack, you may receive "Failed to notify signature pack ready, error 5" message, which is safe to ignore; No error will be displayed or logged in case of silent installation.
- Re-enable Local Mirror by starting IIS Website
- Open IIS Manager
- Expand Sites
- Right-click Site Name > Manage Website > Start
- Verify that signatures are updating on Sensors: CB Defense: How to verify AV Signatures are updating
- If signature updates have not resumed 24 hours after applying the solution, please open a support case
Additional Notes
Related Content