Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
Highlighted

New process in R80.40 management

Hello,

I recently upgraded our lab management from R80.20 to R80.40 and found a new process running: tp_conf_service listening on the local loopback on port 12872. This is not present on m R80.20 management servers (soon to be upgraded). Looks like the process is spawned by the cpwd process. Any ideas what this is? Secure Knowledge is no help.

Output from pstree:

|-cpwd-+-AutoUpdaterServ-+-AutoUpdater---43*[{AutoUpdater}]
| | `-sleep
| |-DAService_scrip-+-DAService---5*[{DAService}]
| | `-sleep
| |-cpd---6*[{cpd}]
| |-cpstat_monitor
| |-cpview_services
| |-cpviewd
| |-fw_full-+-cpca
| | `-6*[{fw_full}]
| |-fwm---12*[{fwm}]
| |-java-+-java---45*[{java}]
| | `-137*[{java}]
| |-java---65*[{java}]
| |-java---67*[{java}]
| |-java---27*[{java}]
| |-java---73*[{java}]
| |-log_exporter---7*[{log_exporter}]
| |-log_indexer---36*[{log_indexer}]
| |-lpd
| |-smartlog_server---17*[{smartlog_server}]
| |-status_proxy
| |-tp_conf_service---3*[{tp_conf_service}]
| `-vsec_controller---java---33*[{java}]

Thanks

Dave

0 Kudos
3 Replies
Highlighted

Probably related to dynamic Threat Extraction updates which was added in R80.40.

Book "Max Power 2020: Check Point Firewall Performance Optimization" Third Edition
Now Available at www.maxpowerfirewalls.com
0 Kudos
Highlighted
Admin
Admin

Pretty sure @Timothy_Hall is correct here.
We launched as part of R80.40 and other R80.x via JHF an autoupdater for Threat Extraction, DLP, and Content Awareness.
It is enabled by default in R80.40 and disabled by default in other R80.x with the relevant JHF installed. 
It works on a similar principle to IPS today where a new update is automatically downloaded and applied, with the relevant policy install taking place automatically.
You can also revert to an older package if necessary.

Monitor status using: /opt/AutoUpdater/latest/bin/autoupdatercli show
To disable for TEX, run: /opt/AutoUpdater/latest/bin/autoupdatercli disable TEX_Engine
To enable for TEX, run: /opt/AutoUpdater/latest/bin/autoupdatercli enable TEX_Engine

 

Highlighted

Thanks Tim and PhoneBoy,

I will be disabling that, since we don't use any of those blades. Curious decision to enable be default.

Dave

0 Kudos