DAT or AMCore content update fails in air-gapped environments
Last Modified: 2023-03-15 09:43:13 Etc/GMT
Affected Products
Languages:
This article is available in the following languages:
Trellix CEO, Bryan Palma, explains the critical need for security that’s always learning.
As per Gartner, "XDR is an emerging technology that can offer improved threat prevention, detection and response."
Trellix announced the establishment of the Trellix Advanced Research Center to advance global threat intelligence.
Trellix Advanced Research Center analyzes threat data on ransomware, nation-states, sectors, vectors, LotL, MITRE ATT&CK techniques, and emails.
As of May 14, 2024, Knowledge Base (KB) articles will only be published and updated in our new Trellix Thrive Knowledge space.
Log in to the Thrive Portal using your OKTA credentials and start searching the new space. Legacy KB IDs are indexed and you will be able to find them easily just by typing the legacy KB ID.
DAT or AMCore content update fails in air-gapped environments
Technical Articles ID:
KB92631
Last Modified: 2023-03-15 09:43:13 Etc/GMT Environment
Endpoint Security (ENS) Threat Prevention 10.x Trellix Agent (TA) 5.x ProblemIn air-gapped environments with isolated connectivity, DAT or
<timestamp> masvc(1336.1380) Updater.Info: Updater engine is spawned successfully. ... <timestamp> masvc(1336.1380) compatservice.Info: is_compat_running: 1, is_compat_required: 1 <timestamp> masvc(1336.1380) msgbus.Info: QueryFullProcessImageName C:\Program Files\Common Files\McAfee\Engine\AMCoreUpdater\amupdate.exe <timestamp> masvc(1336.1380) msgbus.Info: verify code signature returns <-2146762486>, GetLastError <-2146762486>. <timestamp> masvc(1336.1380) msgbus.Warning: Allowing <C:\Program Files\Common Files\McAfee\Engine\AMCoreUpdater\amupdate.exe(11924)> limited access onto msgbus ... The <time and date> I #22504 ScrptExe Running "C:\Program Files\Common Files\McAfee\Engine\AMCoreUpdater\amupdate.exe" /LPCPUID=AMCORE__2000:8980_3429152929:0001 <time and date> I #22504 ScrptExe Did not match searched path <time and date> I #22504 ScrptExe Executing "C:\Program Files\Common Files\McAfee\Engine\AMCoreUpdater\amupdate.exe" /LPCPUID=AMCORE__2000:8980_3429152929:0001 <time and date> I #22504 ScrptExe Executing "C:\Program Files\Common Files\McAfee\Engine\AMCoreUpdater\amupdate.exe" /LPCPUID=AMCORE__2000:8980_3429152929:0001 /INITEVENT=NOTIFY_INIT_{BE8DA76F-04E1-4A87-B836-7D7C80147DA9} /DEINITEVENT=NOTIFY_DEINIT_{547A6F47-DA98-48B7-A55C-4541D9B1605F} ... <time and date> I #22504 UpdatePlugin Initializing update plugin: AMCORE__2000:8980_3429152929:0001 <time and date> I #22504 UpdatePlugin Creating instance of LPC updater callback interface <time and date> I #22504 UpdatePlugin Successfully created updater callback LPC interface ... <time and date> E #22504 UpdatePlugin LPCException occurred in MfeUpdatePluginWrapper::setProductInfo() <time and date> I #22504 ScrptExe Failed to set the product information. Setting SetMcShieldClientdll to FALSE ... <time and date> E #22504 ScrptExe [DeinitSignalApp]-> <time and date> E #22504 ScrptExe Could not deinitialize the process with id - AMCORE__2000:8980_3429152929:0001 as no such process exists <time and date> I #22504 ScrptExe Executing section: [LatestAlreadyInstalled] <time and date> I #22504 ScrptMgr Product(s) running the latest AMCore. The content update process finishes reporting that no new content can be found. So, the content remains on the currently installed version. Also, if you trace an update attempt with a tool like Process Monitor, you can observe that A reboot doesn't correct the problem. Exploit Prevention content might still update successfully. System Change
Systems and the ePolicy Orchestrator (ePO) server are in an air-gapped environment. Or, old builds of the ENS product, originally released years in the past, have been freshly installed recently.
Cause
The Solution
Update the Also, make sure that the needed root certificates on the systems are installed. For instructions, see KB91697 - How to update your root certificate authorities for product installation and upgrade success. Affected ProductsLanguages:This article is available in the following languages: |
|