A large number of agents are failing to update the anti-malware database. A majority of the agents do update. They are all on the same network, behind the same firewall with the same policy, same agent version. The GUI says Anti-Malware Database failed. No connection to servers. In the AntiMalwareBlade log, we see the following:
2020-10-22 01:31:47.678 t:44800 epam [info ] EP_EVENT_UPDATE_PROGRESS: download progress=92% [AntiMalware::Updater::Updater::HandleUpdaterEvent]
2020-10-22 01:31:47.698 t:44800 EiKav [info ] kuDoDownload returned: Result: 1c (SDK_CORE_DOWNLOAD_ERROR) [AMEngine::Kav::KavUpdater::Update]
2020-10-22 01:31:47.698 t:44800 epam [info ] Sending message, UPDATE_FAILED, engine returned result: 0x1c [AntiMalware::Updater::Updater::HandleUpdaterEvent]
2020-10-22 01:31:47.698 t:44800 epam [error] Failed getting updates or canceled [AntiMalware::Updater::Updater::UpdaterThread]
2020-10-22 01:31:47.698 t:44800 EiKav [info ] Updater SDK unloaded successfully [AMEngine::Kav::KavUpdater::UnloadUpdaterSDK]
2020-10-22 01:31:47.702 t:604 epam [info ] Update result is UCR_SERVER_NOT_AVAILABLE(0) [AntiMalware::Adaptors::EpamUiProxy::HandleUpdateCompleted]
2020-10-22 01:31:47.702 t:604 epam [error] UI translated updateResult result is 3 [AntiMalware::Adaptors::EpamUiProxy::HandleUpdateCompleted]
2020-10-22 01:31:47.702 t:5796 epam [info ] Update operation finished, result UCR_SERVER_NOT_AVAILABLE(0) [AntiMalware::Updater::Updater::HandleNotifyUpdateCompletedMsg]
2020-10-22 01:31:47.708 t:4696 EiKav [info ] DatVersion is: 202007140911 [AMEngine::Kav::KavProtectionEngine::GetDatVersionInternal]
2020-10-22 01:31:47.708 t:4696 EiKav [info ] DatVersion is: 202007140911 [AMEngine::Kav::KavProtectionEngine::GetDatVersionInternal]
2020-10-22 01:31:47.709 t:8148 epam [info ] Updated EngineVersion is '8.9.2.1183' and signatures version is = '202007140911' [AntiMalware::EpamDafDaAdaptor::DafDaProxy::HandleUpdateCompleted]
2020-10-22 01:31:47.709 t:8148 epam [info ] Sending log event string (31 separators): '1310764Anti-MalwareConnected01603309536v18 - Anti-Malware (1)12020071409118.9.2.1183ErrorServer Not Available' [AntiMalware::EpamDafDaAdaptor::DafDaProxy::SendLogEvent]
2020-10-22 01:31:47.714 t:5796 epam [info ] immediate update required, engine is already initialized. Starting update in 15 minutes [AntiMalware::Updater::Updater::SetScheduledUpdateAlarm]
2020-10-22 01:31:47.715 t:5796 epam [info ] Last update: 1969-Dec-31 20:00:00; calculated next scheduled update: 2020-Oct-22 01:46:47; timesSkipped: 111343 [AntiMalware::Updater::Updater::SetScheduledUpdateAlarm]
2020-10-22 01:31:47.716 t:5796 epam [info ] Sent current update tasks status: {TaskName = Update, LastSucceededTime = 0(1970-Jan-01 00:00:00), LastAttemptTime = 1603344689(2020-Oct-22 05:31:29), NextScheduledTime = 1603345607(2020-Oct-22 05:46:47)} [AntiMalware::Updater::Updater::UpdateSystemTasksRecord]
2020-10-22 01:31:47.716 t:5796 epam [info ] SetAlarmTaskMsg sent with flowUid = 000000000000180c:0000000000021c64 [AntiMalware::Updater::Updater::SetScheduledUpdateAlarm]
2020-10-22 01:31:47.738 t:5796 epam [info ] Sent current update tasks status: {TaskName = Update, LastSucceededTime = 0(1970-Jan-01 00:00:00), LastAttemptTime = 1603344689(2020-Oct-22 05:31:29), NextScheduledTime = 1603345607(2020-Oct-22 05:46:47)} [AntiMalware::Updater::Updater::HandleGetSystemTaskStatusMsg]
2020-10-22 01:31:47.738 t:4696 EiKav [info ] DatVersion is: 202007140911 [AMEngine::Kav::KavProtectionEngine::GetDatVersionInternal]
2020-10-22 01:31:47.740 t:4696 EiKav [info ] DatVersion is: 202007140911 [AMEngine::Kav::KavProtectionEngine::GetDatVersionInternal]
2020-10-22 01:31:47.796 t:5956 epam [info ] Uploading record: {ProtocolVersion = <no_value>, ClientVersion = <no_value>, Type = 102020, ListFiles = <no_value>, MetaData1 = <no_value>, MetaData2 = <no_value>, IntField1 = <no_value>, IntField2 = <no_value>, IntField3 = <no_value>, IntField4 = <no_value>, IntField5 = <no_value>, IntField6 = <no_value>, IntField7 = <no_value>, IntField8 = <no_value>, IntField9 = <no_value>, IntField10 = <no_value>, StrField1 = <no_value>, StrField2 = <no_value>, StrField3 = <no_value>, StrField4 = {"Severity":"Critical","Product":"Anti-Malware","ConnectivityState":"Connected","Result":"Error","UpdateSource":"","UpdateProxy":"","UpdateVersion":"202007140911","EngineVersion":"8.9.2.1183","Details":"Server Not Available"}, StrField5 = CK-F2FCCA3C47DB, StrField6 = <no_value>, StrField7 = <no_value>, StrField8 = <no_value>, StrField9 = <no_value>, StrField10 = <no_value>} [AntiMalware::ThreatCloud::ThreatCloud::SendTMUpdate]
Any ideas?
Thanks!
I suggest you open a ticket.
I already have. They've been no help.
Please send me the ticket number at kobieb@checkpoint.com
A similar problem. What was the solution?
When capturing packets, I see communication with kav8.zonealarm.com (transfer HTTP/XML 9833 bytes http://kav8.zonealarm.com/v6/index/u1313g.xml and HTTP/1.1 200 OK), and after the transfer, the session ends FIN,ACK - FIN,ACK - ACK.
2020-11-24 19:11:59.236 t:6184 EiKav [info ] DatVersion is: 202011140450 [AMEngine::Kav::KavProtectionEngine::GetDatVersionInternal]
2020-11-24 19:14:56.744 t:1572 essentials [info ] Event type = 1 strID = AV [VSZDxSink::HandleWaitResult]
2020-11-24 19:14:56.745 t:1572 epam [info ] AVQueryCall = {'QueryUpdateNow', ... [AntiMalware::Adaptors::EpamUiProxy::AVQueryCallback]
2020-11-24 19:14:56.768 t:3380 epam [warni] Lowering priority of update thread [AntiMalware::Updater::Updater::UpdaterThread]
2020-11-24 19:14:56.768 t:3380 epam [info ] Starting update, total sources = 1 [AntiMalware::Updater::Updater::UpdaterThread]
2020-11-24 19:14:56.775 t:3380 epam [info ] Sent current update tasks status: {TaskName = Update, LastSucceededTime = 0(1970-Jan-01 00:00:00), LastAttemptTime = 1606234496(2020-Nov-24 16:14:56), NextScheduledTime = 1606233545(2020-Nov-24 15:59:05)} [AntiMalware::Updater::Updater::UpdateSystemTasksRecord]
2020-11-24 19:14:56.775 t:3380 epam [info ] Initializing update from source: {SourceType = UST_CHECKPOINT_EXTERNAL(2), UpdateUrl = <no_value>, ProxySettings = {UseProxy = <no_value>, AutoDetect = <no_value>, Url = <no_value>, Port = <no_value>, RequiresAuthorization = <no_value>, Login = <no_value>, Password = <no_value>, NtlmAuthorization = <no_value>}, SourceDate = <no_value>} [AntiMalware::Updater::Updater::UpdaterThread]
2020-11-24 19:14:56.775 t:3380 epam [info ] Update will use proxy [AntiMalware::Updater::SourceSettings::ResolveConnectionSettings]
2020-11-24 19:14:56.804 t:6184 EiKav [info ] DatVersion is: 202011140450 [AMEngine::Kav::KavProtectionEngine::GetDatVersionInternal]
2020-11-24 19:14:56.882 t:3380 epam [info ] versionTxtLocalPath: 'C:\Windows\TEMP\ep_6529.tmp', sourceHostName: 'kav8.zonealarm.com' [AntiMalware::Updater::SourceSettings::ResolveConnectionSettings]
2020-11-24 19:14:56.883 t:3380 epam [info ] proxyURL: '' [AntiMalware::Updater::SourceSettings::ResolveConnectionSettings]
2020-11-24 19:14:56.883 t:3380 epam [info ] Update source: {SourceType = UST_CHECKPOINT_EXTERNAL(2), UpdateUrl = <no_value>, ProxySettings = {UseProxy = <no_value>, AutoDetect = <no_value>, Url = <no_value>, Port = <no_value>, RequiresAuthorization = <no_value>, Login = <no_value>, Password = <no_value>, NtlmAuthorization = <no_value>}, SourceDate = <no_value>} [AntiMalware::Updater::SourceSettings::ResolveConnectionSettings]
2020-11-24 19:14:56.883 t:3380 epam [info ] Initialize updater: source url = <no_value> timeout = 60s, proxy setting: {UseProxy = <no_value>, AutoDetect = <no_value>, Url = <no_value>, Port = <no_value>, RequiresAuthorization = <no_value>, Login = <no_value>, Password = <no_value>, NtlmAuthorization = <no_value>} [AntiMalware::Updater::Updater::UpdaterThread]
2020-11-24 19:14:56.911 t:3380 EiKav [info ] UpdaterSDK initialized successfully [AMEngine::Kav::KavUpdater::InitializeUpdaterSDK]
2020-11-24 19:14:56.911 t:3380 epam [info ] EP_EVENT_ENGINE_INITIALIZED_SUCCESSFULLY: Update started [AntiMalware::Updater::Updater::HandleUpdaterEvent]
2020-11-24 19:14:57.010 t:3380 epam [info ] EP_EVENT_UPDATE_PROGRESS: download progress=0% [AntiMalware::Updater::Updater::HandleUpdaterEvent]
2020-11-24 19:14:57.028 t:3380 epam [info ] EP_EVENT_UPDATE_PROGRESS: download progress=15% [AntiMalware::Updater::Updater::HandleUpdaterEvent]
2020-11-24 19:14:57.039 t:3380 EiKav [info ] kuDoDownload returned: Result: 1c (SDK_CORE_DOWNLOAD_ERROR) [AMEngine::Kav::KavUpdater::Update]
2020-11-24 19:14:57.039 t:3380 epam [info ] Sending message, UPDATE_FAILED, engine returned result: 0x1c [AntiMalware::Updater::Updater::HandleUpdaterEvent]
2020-11-24 19:14:57.039 t:3380 epam [error] Failed getting updates or canceled [AntiMalware::Updater::Updater::UpdaterThread]
2020-11-24 19:14:57.039 t:3380 EiKav [info ] Updater SDK unloaded successfully [AMEngine::Kav::KavUpdater::UnloadUpdaterSDK]
2020-11-24 19:14:57.051 t:6988 epam [info ] Update result is UCR_SERVER_NOT_AVAILABLE(0) [AntiMalware::Adaptors::EpamUiProxy::HandleUpdateCompleted]
2020-11-24 19:14:57.051 t:6988 epam [error] UI translated updateResult result is 3 [AntiMalware::Adaptors::EpamUiProxy::HandleUpdateCompleted]
2020-11-24 19:14:57.051 t:6240 epam [info ] Update operation finished, result UCR_SERVER_NOT_AVAILABLE(0) [AntiMalware::Updater::Updater::HandleNotifyUpdateCompletedMsg]
E84.20 (84.20.6108)
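An added example (not part of any post in this thread, and not Check Point tooling): a small Python parser that condenses AntiMalwareBlade log lines like those above into one record per update attempt, keeping the last download progress, the SDK result, the final result and the age of the installed signatures. It assumes DatVersion encodes a YYYYMMDDHHMM timestamp, which is inferred from the values in these logs; the sample lines are abridged from the two excerpts, and the function name is illustrative.

```python
import re
from datetime import datetime

# Constructed sample: lines abridged from the two excerpts in this thread (two different agents).
SAMPLE_LOG = """\
2020-10-22 01:31:47.678 t:44800 epam [info ] EP_EVENT_UPDATE_PROGRESS: download progress=92% [AntiMalware::Updater::Updater::HandleUpdaterEvent]
2020-10-22 01:31:47.698 t:44800 EiKav [info ] kuDoDownload returned: Result: 1c (SDK_CORE_DOWNLOAD_ERROR) [AMEngine::Kav::KavUpdater::Update]
2020-10-22 01:31:47.702 t:5796 epam [info ] Update operation finished, result UCR_SERVER_NOT_AVAILABLE(0) [AntiMalware::Updater::Updater::HandleNotifyUpdateCompletedMsg]
2020-10-22 01:31:47.708 t:4696 EiKav [info ] DatVersion is: 202007140911 [AMEngine::Kav::KavProtectionEngine::GetDatVersionInternal]
2020-11-24 19:14:56.804 t:6184 EiKav [info ] DatVersion is: 202011140450 [AMEngine::Kav::KavProtectionEngine::GetDatVersionInternal]
2020-11-24 19:14:56.882 t:3380 epam [info ] versionTxtLocalPath: 'C:\\Windows\\TEMP\\ep_6529.tmp', sourceHostName: 'kav8.zonealarm.com' [AntiMalware::Updater::SourceSettings::ResolveConnectionSettings]
2020-11-24 19:14:57.028 t:3380 epam [info ] EP_EVENT_UPDATE_PROGRESS: download progress=15% [AntiMalware::Updater::Updater::HandleUpdaterEvent]
2020-11-24 19:14:57.039 t:3380 EiKav [info ] kuDoDownload returned: Result: 1c (SDK_CORE_DOWNLOAD_ERROR) [AMEngine::Kav::KavUpdater::Update]
2020-11-24 19:14:57.051 t:6240 epam [info ] Update operation finished, result UCR_SERVER_NOT_AVAILABLE(0) [AntiMalware::Updater::Updater::HandleNotifyUpdateCompletedMsg]
"""

# timestamp, thread id, component, [level], then the message (with trailing [function])
LINE = re.compile(r"^(\d{4}-\d\d-\d\d \d\d:\d\d:\d\d)\.\d+ t:\d+ \S+ +\[[^\]]*\] (.*)$")

def update_attempts(log_text):
    """Return one dict per completed update attempt found in the log text."""
    attempts, cur, dat = [], {}, None
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # skip wrapped or foreign lines
        ts, msg = datetime.strptime(m[1], "%Y-%m-%d %H:%M:%S"), m[2]
        if p := re.search(r"download progress=(\d+)%", msg):
            cur["last_progress"] = int(p[1])  # how far the download got
        elif p := re.search(r"kuDoDownload returned: Result: \w+ \((\w+)\)", msg):
            cur["sdk_result"] = p[1]
        elif p := re.search(r"sourceHostName: '([^']*)'", msg):
            cur["source_host"] = p[1]
        elif p := re.search(r"DatVersion is: (\d{12})", msg):
            dat = datetime.strptime(p[1], "%Y%m%d%H%M")  # assumption: YYYYMMDDHHMM
            for a in attempts:  # backfill attempts that finished before any DatVersion line
                if a["signature_age_days"] is None:
                    a["signature_age_days"] = (a["time"] - dat).days
        elif p := re.search(r"Update operation finished, result (\w+)\(", msg):
            age = (ts - dat).days if dat else None
            attempts.append({"time": ts, "result": p[1], "signature_age_days": age, **cur})
            cur = {}  # next attempt starts with a clean state
    return attempts
```

Run per agent log, the records show whether downloads break at a consistent point and how stale each agent's signatures have become. The age is approximate because the log timestamps are local time.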
Ever get an answer on this? I have the exact same issue but only with domain controllers. Check Point has been no help. If I reboot the server it updates fine, but I can't reboot these DCs all the time.
Sorry, it just fixed itself. No idea why. 😕
Did the problem ever come back or not? We're seeing the same issue with a number of our devices as well. Majority work fine, but we do have a significant amount that fail to update. Even updating to the newest client doesn't fix the issue.
I was having the same problem here, in my lab. What solved my problem was the procedure found in sk141033 - "Anti-Malware cannot update signatures from Endpoint Security Server". I have just tested it successfully.