https://community.checkpoint.com/t5/Endpoint/DAT-signatures-of-Windows-and-Linux/m-p/206811#M8275 <P>Hi</P> <P>There are two different things when we speak about AM:</P> <OL> <LI>Engine version. Looks like&nbsp;3.90.0</LI> <LI>Signature version. Looks like&nbsp;6.06 16/01/2024. This is DB which is released roughly once per month and gets small updates several times per day. Linux client also reports version as a timestamp (e.g. 202402220810)</LI> </OL> <P>Engine version is pretty much common for Windows and Linux.&nbsp;However, there might be some time gaps when engine is updated on one platform and remains on the other.</P> <P>Signatures are the same for both platforms.</P> <P>To see if Linux agent runs the latest signatures, run 'sudo cpla am info' on the machine:</P> <P class="lia-indent-padding-left-30px">user@host &gt; sudo cpla am info<BR />CPLA version: 1.13.3<BR />Anti-Malware version: 3.90.0 / 6.06 16/01/2024 (90995083 signatures)<BR />Signature version: 202402220810<BR />Policy name: Default Anti Malware policy<BR />Policy version: 0</P> <P>In the example above signature version is&nbsp;202402220810, which reflects the current date.</P> Thu, 22 Feb 2024 11:07:39 GMT Alex_G 2024-02-22T11:07:39Z https://community.checkpoint.com/t5/Endpoint/DAT-signatures-of-Windows-and-Linux/m-p/206799#M8274 <P>The estate has both Windows and Linux machines installed with Checkpoint EDR, recently I noticed a very different anti-malware version for a few of my Linux machines <STRONG>3.89.0/ 6.05 28/11/2023.&nbsp;</STRONG>The main concern is that these Linux devices are fetching the Windows DAT signature and are not updating to the latest version.</P><P>Can anyone help me understand what exactly is happening here, why a Linux machine is using a Windows DAT signature, and the possible reasons behind this?</P><P>&nbsp;</P><P>********</P><P>Regards,</P><P><a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/104118">@SayoojDinan</a>&nbsp;</P> Thu, 22 Feb 2024 08:48:09 GMT https://community.checkpoint.com/t5/Endpoint/DAT-signatures-of-Windows-and-Linux/m-p/206799#M8274 SayoojDinan 2024-02-22T08:48:09Z https://community.checkpoint.com/t5/Endpoint/DAT-signatures-of-Windows-and-Linux/m-p/206811#M8275 <P>Hi</P> <P>There are two different things when we speak about AM:</P> <OL> <LI>Engine version. Looks like&nbsp;3.90.0</LI> <LI>Signature version. Looks like&nbsp;6.06 16/01/2024. This is DB which is released roughly once per month and gets small updates several times per day. Linux client also reports version as a timestamp (e.g. 202402220810)</LI> </OL> <P>Engine version is pretty much common for Windows and Linux.&nbsp;However, there might be some time gaps when engine is updated on one platform and remains on the other.</P> <P>Signatures are the same for both platforms.</P> <P>To see if Linux agent runs the latest signatures, run 'sudo cpla am info' on the machine:</P> <P class="lia-indent-padding-left-30px">user@host &gt; sudo cpla am info<BR />CPLA version: 1.13.3<BR />Anti-Malware version: 3.90.0 / 6.06 16/01/2024 (90995083 signatures)<BR />Signature version: 202402220810<BR />Policy name: Default Anti Malware policy<BR />Policy version: 0</P> <P>In the example above signature version is&nbsp;202402220810, which reflects the current date.</P> Thu, 22 Feb 2024 11:07:39 GMT https://community.checkpoint.com/t5/Endpoint/DAT-signatures-of-Windows-and-Linux/m-p/206811#M8275 Alex_G 2024-02-22T11:07:39Z https://community.checkpoint.com/t5/Endpoint/DAT-signatures-of-Windows-and-Linux/m-p/206812#M8276 <P><a href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/107492">@Alex_G</a>&nbsp;Thanks for your reply.</P><P>My DAT signature shows <STRONG>202312060548,&nbsp;</STRONG>this is quite a concern. How do I resolve this, also my endpoints are connected to the MGMT server and the agent version is 1.13.3.</P><P>********</P><P>Regards,</P><P><A href="https://community.checkpoint.com/t5/user/viewprofilepage/user-id/104118" target="_blank">@SayoojDinan</A>&nbsp;</P> Thu, 22 Feb 2024 11:22:02 GMT https://community.checkpoint.com/t5/Endpoint/DAT-signatures-of-Windows-and-Linux/m-p/206812#M8276 SayoojDinan 2024-02-22T11:22:02Z https://community.checkpoint.com/t5/Endpoint/DAT-signatures-of-Windows-and-Linux/m-p/206816#M8277 <P>Management server allows to configure update source for AM. Here is a quick test that you can do:</P> <OL> <LI>Restart the client by running "sudo systemctl restart cpla". Check the version in 5 mins</LI> <LI>Ensure that you are able to see SPS_VERSION in output of `curl <A href="https://teadv.checkpoint.com/Sophos-stg/version.txt`" target="_blank">https://teadv.checkpoint.com/Sophos-stg/version.txt`</A>This should be available if the client is configured to use external server.&nbsp; Updates from management server is in our roadmap. If you use proxy in your environment, it should be configured at the time of installation or by editing /etc/checkpoint/cpla/env and restarting the service</LI> <LI>Ensure that client is configured to use external update server.</LI> </OL> <P>Hope this will resolve the issue. if it doesn't, I would proceed with a support ticket</P> <P>Alex</P> <P>&nbsp;</P> Thu, 22 Feb 2024 11:45:00 GMT https://community.checkpoint.com/t5/Endpoint/DAT-signatures-of-Windows-and-Linux/m-p/206816#M8277 Alex_G 2024-02-22T11:45:00Z