Environment

• Endpoint Standard CBC Console: All versions
• Endpoint Standard CBC Sensor: All versions
  • Microsoft Windows: All supported versions
• Local Mirror: All versions
  • Linux OS: All supported versions
  • Microsoft Windows: All supported versions

Symptoms

• Sensors will show in the console as out of date
• Many of the out-of-date Sensors will show the same signature date
• Sensors may update signatures to latest available from the CB update server
• Sensors will then show out of date at a later time having reverted to the previous out-of-date signature
• The upd.log file (C:Program Files\Confer\Scanner\upd.log) shows the definitions rolled back after updating from the local mirror server

  Callback: C:\Program Files\Confer\scanner\Data_1\aevdf.dat CurrentVersion != LocalMirrorVersion -> File will be rolled back.dll
  Callback: C:\Program Files\Confer\scanner\Data_1\xbvXXXXX.vdf CurrentVersion != LocalMirrorVersion -> File will be rolled back

Cause

Resolution

Additional Notes

• If the Sensor's policy is configured to use both CB's update server and the local mirror, the Sensor will check both servers and use the server with the fastest response time
• If the Sensor connects to the local mirror server and it is out-of-date, the Sensor will roll back definitions to the Signature pack available on the local mirror
• To explore the idea of changing this behavior, please see this post on Idea Central
• The update process on the local mirror must be run manually or set up to run on a schedule using OS tools such as Task Scheduler in Windows or cron in Linux
• See the Local Mirror troubleshooting KB if the scheduled task is setup and running and updates are still not occurring

Related Content