To perform the cleanup of data that have empty MD5s from the database, follow the steps below:
- Perform a cleanup of null values:
NOTE: Execute the script only after you complete the purge task from step 2 below. After cleanup, the reputation starts getting updated and might take a few hours depending on the number of binaries present in the environment.
- If the issue persists, reputation resync must be performed manually to fetch new reputation for all binaries.
Open the browser and execute the following remote command: https://<epoip>:<port>/remote/scor.internal.config.parameters?configPropertyName=cloudDoFreshResyncOfAllBinaries&configPropertyValue=true.
- Use the below query or queries:
a. If the reputation of a particular binary is to be updated:
update SCOR_BINARY_REPUTATION set GTI_TTL_EXPIRY_UTC = NULL where MD5 = '<md5 value here>'
Or
b. If the reputation of all binaries whose GTI_TTL_EXPIRY_UTC has expired:
update SCOR_BINARY_REPUTATION set GTI_TTL_EXPIRY_UTC = null where GTI_TTL_EXPIRY_UTC < GETUTCDATE();
NOTE: To avoid reoccurrence of the issue after clean-up, we recommend that you stop the communication between the client (sending null MD5) and ePolicy Orchestrator.
