Cb Protection: Yara Rules out of Date - Validation Failed

Environment

  • Cb Protection: 8.x

Symptoms

  • All devices in the console show "Yara Rules out of Date"
  • Trace.bt9 log (created in high debugging) shows "YaraRuleDownloadRequest::ValidateFile: Validation failed"

Cause

Generation of the Yara package was either interrupted or did not build correctly, so the expected Yara rules and the actual Yara rules do not match.

Resolution

  1. Remote into the Cb Protection server.
  2. Navigate to the configxml directory. By default, this is located under C:\Program Files (x86)\Bit9\Parity Server\configxml
  3. Move all Yara_*.bt9 files to a location outside the Parity folders, such as your desktop.
  4. Navigate to the hostpkg directory. By default, this is located under C:\Program Files (x86)\Bit9\Parity Server\hostpkg
  5. Move the yara.bt9 file to a location outside the Parity folders, such as your desktop.
  6. In a web browser, navigate to the support page of your web console: "https://YourServerName/support.php"
  7. Click the Advanced Configuration tab, then on the right-hand side select "Regenerate Install Files"

Once regeneration of the install files completes, the devices should be able to update their Yara rules.
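
Steps 2 through 5 can be scripted. The PowerShell below is an added example, not part of the original article or any vendor tooling; it assumes the default install path named in the steps and a hypothetical backup folder, YaraBackup, on the current user's desktop. It records a SHA256 hash of each file before moving it, so the old package can be compared with the regenerated one.

```powershell
# Added example, not vendor code. $ServerRoot is the default path from the article;
# $BackupRoot is an assumed destination outside the Parity folders.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$ServerRoot = 'C:\Program Files (x86)\Bit9\Parity Server',
    [string]$BackupRoot = (Join-Path $env:USERPROFILE 'Desktop\YaraBackup')
)

$ErrorActionPreference = 'Stop'

# Refuse a destination inside the server tree: the files must leave the Parity folders.
$rootFull   = [IO.Path]::GetFullPath($ServerRoot).TrimEnd('\')
$backupFull = [IO.Path]::GetFullPath($BackupRoot).TrimEnd('\')
if ($backupFull -ieq $rootFull -or
    $backupFull.StartsWith($rootFull + '\', [StringComparison]::OrdinalIgnoreCase)) {
    throw "Backup location '$backupFull' is inside '$rootFull'."
}

# Steps 2-5: directory and file pattern pairs taken from the article.
$targets = @(
    @{ Dir = 'configxml'; Filter = 'Yara_*.bt9' },
    @{ Dir = 'hostpkg';   Filter = 'yara.bt9'   }
)

$stamp = Get-Date -Format 'yyyyMMdd-HHmmss'
$moved = foreach ($t in $targets) {
    $src = Join-Path $rootFull $t.Dir
    if (-not (Test-Path -LiteralPath $src -PathType Container)) {
        throw "Directory not found: $src"
    }
    $dest = Join-Path $backupFull (Join-Path $stamp $t.Dir)
    foreach ($f in Get-ChildItem -LiteralPath $src -Filter $t.Filter -File) {
        if ($PSCmdlet.ShouldProcess($f.FullName, "Move to $dest")) {
            New-Item -ItemType Directory -Path $dest -Force | Out-Null
            # Hash before moving so the regenerated package can be compared later.
            $hash = (Get-FileHash -LiteralPath $f.FullName -Algorithm SHA256).Hash
            Move-Item -LiteralPath $f.FullName -Destination $dest
            [pscustomobject]@{ File = $f.Name; From = $t.Dir; Bytes = $f.Length; SHA256 = $hash }
        }
    }
}

if ($moved) { $moved | Format-Table -AutoSize }
else { Write-Warning 'No Yara files were found to move.' }
```

Run it from an elevated PowerShell session on the Cb Protection server, with -WhatIf first to preview which files would be moved, then continue with steps 6 and 7 in the web console.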

Additional Notes

Cb Protection: Collecting agent logs remotely for troubleshooting - Windows

Cb Protection: Yara Rules out of Date - WinHttpSendRequest Error[12175:]

Cb Protection: Yara Rules out of Date - WinHttpSendRequest Error[12029]

Article Information
Creation Date: 01-25-2018