Environment
Symptoms
- All devices in the console show "Yara Rules out of Date"
- Trace.bt9 log (created in high debugging) shows "YaraRuleDownloadRequest::ValidateFile: Validation failed"
Cause
Generation of the Yara package was either interrupted or did not build correctly, so the expected Yara rules and the actual Yara rules do not match.
Resolution
- Remote into the Cb Protection server.
- Navigate to the configxml directory. By default this is located under C:\Program Files (x86)\Bit9\Parity Server\configxml
- Move all Yara_*.bt9 files to a location outside the Parity folders, such as your desktop.
- Navigate to the hostpkg directory. By default this is located under C:\Program Files (x86)\Bit9\Parity Server\hostpkg
- Move the yara.bt9 file to a location outside the Parity folders, such as your desktop.
- In a web browser, navigate to the support page of your web console: "https://YourServerName/support.php"
- Click the Advanced Configuration tab, then on the right-hand side select "Regenerate Install Files"
Once the install files finish regenerating, the devices should be able to update their Yara rules.
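The file moves in the steps above can be scripted. The following is an added example, not vendor-supplied code. It assumes PowerShell 4.0 or later, an elevated session on the server and the default install path quoted above; the script parameters and the backup folder name are hypothetical. It logs a SHA-256 hash and size for each file before moving it, so the set-aside package can still be identified later.

```powershell
# Added example, not vendor code. Default paths are those quoted in the article;
# the backup folder name (YaraBackup_<timestamp> on the desktop) is an assumption.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [string]$ServerRoot = 'C:\Program Files (x86)\Bit9\Parity Server',
    [string]$BackupRoot = (Join-Path ([Environment]::GetFolderPath('Desktop')) ("YaraBackup_{0:yyyyMMdd_HHmmss}" -f (Get-Date)))
)

$ErrorActionPreference = 'Stop'

# Directory -> file pattern, as listed in the Resolution steps
$targets = @(
    @{ Dir = 'configxml'; Filter = 'Yara_*.bt9' },
    @{ Dir = 'hostpkg';   Filter = 'yara.bt9'   }
)

# The files must end up outside the Parity folders, so refuse a backup path inside them
$rootFull = [IO.Path]::GetFullPath($ServerRoot).TrimEnd('\') + '\'
if (([IO.Path]::GetFullPath($BackupRoot) + '\').StartsWith($rootFull, [StringComparison]::OrdinalIgnoreCase)) {
    throw "BackupRoot must be outside $ServerRoot"
}

foreach ($t in $targets) {
    $src = Join-Path $ServerRoot $t.Dir
    if (-not (Test-Path -LiteralPath $src -PathType Container)) {
        Write-Warning "Directory not found: $src"
        continue
    }
    $files = @(Get-ChildItem -LiteralPath $src -Filter $t.Filter -File)
    if ($files.Count -eq 0) {
        Write-Warning "No $($t.Filter) files in $src"
        continue
    }
    $dest = Join-Path $BackupRoot $t.Dir
    if ($PSCmdlet.ShouldProcess($dest, 'Create backup directory')) {
        New-Item -ItemType Directory -Path $dest -Force | Out-Null
    }
    foreach ($f in $files) {
        # Record hash and size before the move
        $hash = (Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256).Hash
        Write-Output ("{0}  {1,10}  {2}" -f $hash, $f.Length, $f.FullName)
        Move-Item -LiteralPath $f.FullName -Destination $dest   # honors -WhatIf
    }
}
```

Run it with -WhatIf first to list what would be moved without changing anything, then continue with the "Regenerate Install Files" step in the console.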
Additional Notes
Cb Protection: Collecting agent logs remotely for troubleshooting - Windows
Cb Protection: Yara Rules out of Date - WinHttpSendRequest Error[12175:]
Cb Protection: Yara Rules out of Date - WinHttpSendRequest Error[12029]