This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Trey
Contributor
‎2020-10-22 06:48 AM

Anti-Malware Database Update Fails. No Connection To Server.

A large number of agents are failing to update anti-malware database. A majority of the agents do update. They are all on the same network, behind the same firewall with the same policy, same agent version. The GUI says Anti-Malware Database failed. No connection to servers. In the AntiMalwareBlade log, we see the following:

2020-10-22 01:31:47.678 t:44800 epam [info ] EP_EVENT_UPDATE_PROGRESS: download progress=92% [AntiMalware::Updater::Updater::HandleUpdaterEvent]
2020-10-22 01:31:47.698 t:44800 EiKav [info ] kuDoDownload returned: Result: 1c (SDK_CORE_DOWNLOAD_ERROR) [AMEngine::Kav::KavUpdater::Update]
2020-10-22 01:31:47.698 t:44800 epam [info ] Sending message, UPDATE_FAILED, engine returned result: 0x1c [AntiMalware::Updater::Updater::HandleUpdaterEvent]
2020-10-22 01:31:47.698 t:44800 epam [error] Failed getting updates or canceled [AntiMalware::Updater::Updater::UpdaterThread]
2020-10-22 01:31:47.698 t:44800 EiKav [info ] Updater SDK unloaded successfully [AMEngine::Kav::KavUpdater::UnloadUpdaterSDK]
2020-10-22 01:31:47.702 t:604 epam [info ] Update result is UCR_SERVER_NOT_AVAILABLE(0) [AntiMalware::Adaptors::EpamUiProxy::HandleUpdateCompleted]
2020-10-22 01:31:47.702 t:604 epam [error] UI translated updateResult result is 3 [AntiMalware::Adaptors::EpamUiProxy::HandleUpdateCompleted]
2020-10-22 01:31:47.702 t:5796 epam [info ] Update operation finished, result UCR_SERVER_NOT_AVAILABLE(0) [AntiMalware::Updater::Updater::HandleNotifyUpdateCompletedMsg]
2020-10-22 01:31:47.708 t:4696 EiKav [info ] DatVersion is: 202007140911 [AMEngine::Kav::KavProtectionEngine::GetDatVersionInternal]
2020-10-22 01:31:47.708 t:4696 EiKav [info ] DatVersion is: 202007140911 [AMEngine::Kav::KavProtectionEngine::GetDatVersionInternal]
2020-10-22 01:31:47.709 t:8148 epam [info ] Updated EngineVersion is '8.9.2.1183' and signatures version is = '202007140911' [AntiMalware::EpamDafDaAdaptor::DafDaProxy::HandleUpdateCompleted]
2020-10-22 01:31:47.709 t:8148 epam [info ] Sending log event string (31 separators): '1310764Anti-MalwareConnected01603309536v18 - Anti-Malware (1)12020071409118.9.2.1183ErrorServer Not Available' [AntiMalware::EpamDafDaAdaptor::DafDaProxy::SendLogEvent]
2020-10-22 01:31:47.714 t:5796 epam [info ] immediate update required, engine is already initialized. Starting update in 15 minutes [AntiMalware::Updater::Updater::SetScheduledUpdateAlarm]
2020-10-22 01:31:47.715 t:5796 epam [info ] Last update: 1969-Dec-31 20:00:00; calculated next scheduled update: 2020-Oct-22 01:46:47; timesSkipped: 111343 [AntiMalware::Updater::Updater::SetScheduledUpdateAlarm]
2020-10-22 01:31:47.716 t:5796 epam [info ] Sent current update tasks status: {TaskName = Update, LastSucceededTime = 0(1970-Jan-01 00:00:00), LastAttemptTime = 1603344689(2020-Oct-22 05:31:29), NextScheduledTime = 1603345607(2020-Oct-22 05:46:47)} [AntiMalware::Updater::Updater::UpdateSystemTasksRecord]
2020-10-22 01:31:47.716 t:5796 epam [info ] SetAlarmTaskMsg sent with flowUid = 000000000000180c:0000000000021c64 [AntiMalware::Updater::Updater::SetScheduledUpdateAlarm]
2020-10-22 01:31:47.738 t:5796 epam [info ] Sent current update tasks status: {TaskName = Update, LastSucceededTime = 0(1970-Jan-01 00:00:00), LastAttemptTime = 1603344689(2020-Oct-22 05:31:29), NextScheduledTime = 1603345607(2020-Oct-22 05:46:47)} [AntiMalware::Updater::Updater::HandleGetSystemTaskStatusMsg]
2020-10-22 01:31:47.738 t:4696 EiKav [info ] DatVersion is: 202007140911 [AMEngine::Kav::KavProtectionEngine::GetDatVersionInternal]
2020-10-22 01:31:47.740 t:4696 EiKav [info ] DatVersion is: 202007140911 [AMEngine::Kav::KavProtectionEngine::GetDatVersionInternal]
2020-10-22 01:31:47.796 t:5956 epam [info ] Uploading record: {ProtocolVersion = <no_value>, ClientVersion = <no_value>, Type = 102020, ListFiles = <no_value>, MetaData1 = <no_value>, MetaData2 = <no_value>, IntField1 = <no_value>, IntField2 = <no_value>, IntField3 = <no_value>, IntField4 = <no_value>, IntField5 = <no_value>, IntField6 = <no_value>, IntField7 = <no_value>, IntField8 = <no_value>, IntField9 = <no_value>, IntField10 = <no_value>, StrField1 = <no_value>, StrField2 = <no_value>, StrField3 = <no_value>, StrField4 = {"Severity":"Critical","Product":"Anti-Malware","ConnectivityState":"Connected","Result":"Error","UpdateSource":"","UpdateProxy":"","UpdateVersion":"202007140911","EngineVersion":"8.9.2.1183","Details":"Server Not Available"}, StrField5 = CK-F2FCCA3C47DB, StrField6 = <no_value>, StrField7 = <no_value>, StrField8 = <no_value>, StrField9 = <no_value>, StrField10 = <no_value>} [AntiMalware::ThreatCloud::ThreatCloud::SendTMUpdate]

Any ideas?

Thanks!

0 Kudos
14 Replies
Kobie_Bendalak
Employee Alumnus
Employee Alumnus
‎2020-10-22 07:30 AM

I suggest you'll open a ticket.

0 Kudos
Trey
Contributor
‎2020-10-22 07:41 AM
In response to Kobie_Bendalak

I already have. They've been no help.

Kobie_Bendalak
Employee Alumnus
Employee Alumnus
‎2020-10-22 07:46 AM
In response to Trey

Please send me the ticket number kobieb@checkpoint.com

Mikhail_Chizhov
Explorer
‎2020-11-24 08:21 AM
In response to Kobie_Bendalak

a similar problem. what was the solution?

when capturing packets, I see communication with kav8.zonealarm.com (transfer HTTP/XML 9833 bytes http://kav8.zonealarm.com/v6/index/u1313g.xml and HTTP/1.1 200 OK). and after the transfer, the session ends FIN,ACK - FIN, ACK - ACK.

2020-11-24 19:11:59.236 t:6184 EiKav [info ] DatVersion is: 202011140450 [AMEngine::Kav::KavProtectionEngine::GetDatVersionInternal]
2020-11-24 19:14:56.744 t:1572 essentials [info ] Event type = 1 strID = AV [VSZDxSink::HandleWaitResult]
2020-11-24 19:14:56.745 t:1572 epam [info ] AVQueryCall = {'QueryUpdateNow', ... [AntiMalware::Adaptors::EpamUiProxy::AVQueryCallback]
2020-11-24 19:14:56.768 t:3380 epam [warni] Lowering priority of update thread [AntiMalware::Updater::Updater::UpdaterThread]
2020-11-24 19:14:56.768 t:3380 epam [info ] Starting update, total sources = 1 [AntiMalware::Updater::Updater::UpdaterThread]
2020-11-24 19:14:56.775 t:3380 epam [info ] Sent current update tasks status: {TaskName = Update, LastSucceededTime = 0(1970-Jan-01 00:00:00), LastAttemptTime = 1606234496(2020-Nov-24 16:14:56), NextScheduledTime = 1606233545(2020-Nov-24 15:59:05)} [AntiMalware::Updater::Updater::UpdateSystemTasksRecord]
2020-11-24 19:14:56.775 t:3380 epam [info ] Initializing update from source: {SourceType = UST_CHECKPOINT_EXTERNAL(2), UpdateUrl = <no_value>, ProxySettings = {UseProxy = <no_value>, AutoDetect = <no_value>, Url = <no_value>, Port = <no_value>, RequiresAuthorization = <no_value>, Login = <no_value>, Password = <no_value>, NtlmAuthorization = <no_value>}, SourceDate = <no_value>} [AntiMalware::Updater::Updater::UpdaterThread]
2020-11-24 19:14:56.775 t:3380 epam [info ] Update will use proxy [AntiMalware::Updater::SourceSettings::ResolveConnectionSettings]
2020-11-24 19:14:56.804 t:6184 EiKav [info ] DatVersion is: 202011140450 [AMEngine::Kav::KavProtectionEngine::GetDatVersionInternal]
2020-11-24 19:14:56.882 t:3380 epam [info ] versionTxtLocalPath: 'C:\Windows\TEMP\ep_6529.tmp', sourceHostName: 'kav8.zonealarm.com' [AntiMalware::Updater::SourceSettings::ResolveConnectionSettings]
2020-11-24 19:14:56.883 t:3380 epam [info ] proxyURL: '' [AntiMalware::Updater::SourceSettings::ResolveConnectionSettings]
2020-11-24 19:14:56.883 t:3380 epam [info ] Update source: {SourceType = UST_CHECKPOINT_EXTERNAL(2), UpdateUrl = <no_value>, ProxySettings = {UseProxy = <no_value>, AutoDetect = <no_value>, Url = <no_value>, Port = <no_value>, RequiresAuthorization = <no_value>, Login = <no_value>, Password = <no_value>, NtlmAuthorization = <no_value>}, SourceDate = <no_value>} [AntiMalware::Updater::SourceSettings::ResolveConnectionSettings]
2020-11-24 19:14:56.883 t:3380 epam [info ] Initialize updater: source url = <no_value> timeout = 60s, proxy setting: {UseProxy = <no_value>, AutoDetect = <no_value>, Url = <no_value>, Port = <no_value>, RequiresAuthorization = <no_value>, Login = <no_value>, Password = <no_value>, NtlmAuthorization = <no_value>} [AntiMalware::Updater::Updater::UpdaterThread]
2020-11-24 19:14:56.911 t:3380 EiKav [info ] UpdaterSDK initialized successfully [AMEngine::Kav::KavUpdater::InitializeUpdaterSDK]
2020-11-24 19:14:56.911 t:3380 epam [info ] EP_EVENT_ENGINE_INITIALIZED_SUCCESSFULLY: Update started [AntiMalware::Updater::Updater::HandleUpdaterEvent]
2020-11-24 19:14:57.010 t:3380 epam [info ] EP_EVENT_UPDATE_PROGRESS: download progress=0% [AntiMalware::Updater::Updater::HandleUpdaterEvent]
2020-11-24 19:14:57.028 t:3380 epam [info ] EP_EVENT_UPDATE_PROGRESS: download progress=15% [AntiMalware::Updater::Updater::HandleUpdaterEvent]
2020-11-24 19:14:57.039 t:3380 EiKav [info ] kuDoDownload returned: Result: 1c (SDK_CORE_DOWNLOAD_ERROR) [AMEngine::Kav::KavUpdater::Update]
2020-11-24 19:14:57.039 t:3380 epam [info ] Sending message, UPDATE_FAILED, engine returned result: 0x1c [AntiMalware::Updater::Updater::HandleUpdaterEvent]
2020-11-24 19:14:57.039 t:3380 epam [error] Failed getting updates or canceled [AntiMalware::Updater::Updater::UpdaterThread]
2020-11-24 19:14:57.039 t:3380 EiKav [info ] Updater SDK unloaded successfully [AMEngine::Kav::KavUpdater::UnloadUpdaterSDK]
2020-11-24 19:14:57.051 t:6988 epam [info ] Update result is UCR_SERVER_NOT_AVAILABLE(0) [AntiMalware::Adaptors::EpamUiProxy::HandleUpdateCompleted]
2020-11-24 19:14:57.051 t:6988 epam [error] UI translated updateResult result is 3 [AntiMalware::Adaptors::EpamUiProxy::HandleUpdateCompleted]
2020-11-24 19:14:57.051 t:6240 epam [info ] Update operation finished, result UCR_SERVER_NOT_AVAILABLE(0) [AntiMalware::Updater::Updater::HandleNotifyUpdateCompletedMsg]

E84.20 (84.20.6108)

0 Kudos
Andrew_Wojtowic
Explorer
‎2021-05-10 09:59 AM
In response to Trey

ever get an answer on this?  i have the exact same issue but only with domain controllers.  checkpoint has been no help.  if i reboot the server it updates fine but i cant reboot these DC's all the time.  

0 Kudos
Trey
Contributor
‎2021-05-10 11:12 AM
In response to Andrew_Wojtowic

Sorry, it just fixed itself. No idea why.😕

0 Kudos
J_B
Collaborator
‎2022-03-28 03:10 AM
In response to Trey

Did the problem ever come back or not?  We're seeing the same issue with a number of our devices as well.  Majority work fine, but we do have a significant amount that fail to update.  Even updating to the newest client doesn't fix the issue.

0 Kudos
Marcos_Vieira
Contributor
‎2022-06-13 04:18 PM
In response to J_B

I was having the same problem here, in my lab. What solved my problem was the procedure found in sk141033 - "Anti-Malware cannot update signatures from Endpoint Security Server". I have just tested it successfully.

0 Kudos
Rajesh891003
Explorer
‎2023-04-04 07:07 AM
In response to Kobie_Bendalak

We are facing same issue. we raised ticket since 1 month before. still it is not solved. Can you please guide us 

ticket no SR#6-0003562369

 

 

0 Kudos
Chris_Atkinson
MVP Gold CHKP MVP Gold CHKP
MVP Gold CHKP
‎2023-04-05 07:59 AM
In response to Rajesh891003

Which endpoint client version and what update sources do you have configured?

CCSM R77/R80/ELITE
0 Kudos
Rajesh891003
Explorer
‎2023-04-05 08:20 AM
In response to Chris_Atkinson

we are using endpoint version is 81.20 

0 Kudos
Rajesh891003
Explorer
‎2023-04-05 08:22 AM
In response to Chris_Atkinson

our endpoint version 81.20 and update source we tried with external resource. But not working. before we tried with server also. 

0 Kudos
Rajesh891003
Explorer
‎2023-04-05 08:25 AM
In response to Chris_Atkinson

could you able to access our system and solve this issue?

 

we are suffering from this issue for 2 months. No one can't able to solve the problem. checkpoint is a very big company. But they even couldn't able to solve their own product since 2 months. It's quite not acceptable.

 

can you please access our system and solve this issue?

0 Kudos
Bac26
Contributor
‎2023-06-12 05:05 AM
In response to Rajesh891003

Did you get a solution? have same issues even on DC that cannot reboot to solve it

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    Sort by:
    CheckMates Events