Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
David_C1
Advisor

New process in R80.40 management

Hello,

I recently upgraded our lab management from R80.20 to R80.40 and found a new process running: tp_conf_service listening on the local loopback on port 12872. This is not present on m R80.20 management servers (soon to be upgraded). Looks like the process is spawned by the cpwd process. Any ideas what this is? Secure Knowledge is no help.

Output from pstree:

|-cpwd-+-AutoUpdaterServ-+-AutoUpdater---43*[{AutoUpdater}]
| | `-sleep
| |-DAService_scrip-+-DAService---5*[{DAService}]
| | `-sleep
| |-cpd---6*[{cpd}]
| |-cpstat_monitor
| |-cpview_services
| |-cpviewd
| |-fw_full-+-cpca
| | `-6*[{fw_full}]
| |-fwm---12*[{fwm}]
| |-java-+-java---45*[{java}]
| | `-137*[{java}]
| |-java---65*[{java}]
| |-java---67*[{java}]
| |-java---27*[{java}]
| |-java---73*[{java}]
| |-log_exporter---7*[{log_exporter}]
| |-log_indexer---36*[{log_indexer}]
| |-lpd
| |-smartlog_server---17*[{smartlog_server}]
| |-status_proxy
| |-tp_conf_service---3*[{tp_conf_service}]
| `-vsec_controller---java---33*[{java}]

Thanks

Dave

0 Kudos
3 Replies
Timothy_Hall
Legend Legend
Legend

Probably related to dynamic Threat Extraction updates which was added in R80.40.

Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com
0 Kudos
PhoneBoy
Admin
Admin

Pretty sure @Timothy_Hall is correct here.
We launched as part of R80.40 and other R80.x via JHF an autoupdater for Threat Extraction, DLP, and Content Awareness.
It is enabled by default in R80.40 and disabled by default in other R80.x with the relevant JHF installed. 
It works on a similar principle to IPS today where a new update is automatically downloaded and applied, with the relevant policy install taking place automatically.
You can also revert to an older package if necessary.

Monitor status using: /opt/AutoUpdater/latest/bin/autoupdatercli show
To disable for TEX, run: /opt/AutoUpdater/latest/bin/autoupdatercli disable TEX_Engine
To enable for TEX, run: /opt/AutoUpdater/latest/bin/autoupdatercli enable TEX_Engine

 

David_C1
Advisor

Thanks Tim and PhoneBoy,

I will be disabling that, since we don't use any of those blades. Curious decision to enable be default.

Dave

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

Upcoming Events

    CheckMates Events