Re: anti-virus update status "unknown" in GW moni...

Emil_T · ‎2024-09-04

In SmartConsole (v81.20.970.649) , in GW monitor view, Anti-Bot & Anti-Virus, Anti-Virus, Anti-Bot update status shows: Unknown.
( click on GW right click > monitor )

On the GW there is a green V.

In the custom Policy tool> updates - it shows: N/A

Lesley · ‎2024-09-04

update smartconsole -> https://sc1.checkpoint.com/documents/Jumbo_HFA/R81.20_SC/R81.20/R81.20_Downloads.htm?tocpath=_____2

If AB is updated and it shows on the gateway, try this SK https://support.checkpoint.com/results/sk/sk171644

Smartview monitor uses this file to see the AV version:

SmartView Monitor reads the file called Anti_Virus.entitlement.C on the Security gateway to determine the Anti Virus version. This file is located under the $FWDIR/av/ca/update/incoming/ directory on the firewall

-------
If you like this post please give a thumbs up(kudo)! 🙂

Emil_T · ‎2024-10-15

[Expert@Company-FW3]# cat next_update
1729001301
2147483647
[Expert@Company-FW3]#

[Expert@Company-FW3]# date -d @1729001301
Tue Oct 15 17:08:21 GMT+0200 2024
[Expert@Company-FW3]# date -d @2147483647
Tue Jan 19 05:14:07 GMT+0200 2038

[Expert@Company-FW3]# date
Tue Oct 15 22:14:16 GMT+0200 2024
[Expert@Company-FW3]#
[Expert@Company-FW3]# ls -lh
drwxr-xr-x 2 root root 4.0K Feb 13 2024 0
-rw-r--r-- 1 root root 430 Oct 15 15:08 amw_status.C
lrwxrwxrwx 1 root root 21 Feb 13 2024 cur -> /storage/amw/update/0
-rw-r--r-- 1 root root 21 Oct 15 15:08 next_update

[Expert@Company-FW3]#
[Expert@Company-FW3]# cd cur/
[Expert@Company-FW3]# ls -lh
-rw-r--r-- 1 root root 0 Feb 13 2024 malware.eng
-rw-r--r-- 1 root root 3.7K Feb 13 2024 malware_gen_params.C
-rw-r--r-- 1 root root 3.7K Feb 13 2024 malware_gen_params_config.C
-rw-r--r-- 1 root root 0 Feb 13 2024 urlrep.eng
-rw-r--r-- 1 root root 0 Feb 13 2024 urlrep_small.eng
[Expert@Company-FW3]# pwd
/opt/fw1/amw/update/cur

[Expert@Company-FW3]# cd $FWDIR/av/kss/update/incoming/
[Expert@Company-FW3]# ls -lh
lrwxrwxrwx 1 root root 50 Feb 13 2024 KLsig.en2 -> /storage/av/kss/update/incoming/KLsig010101_01.en2
-rwxr-xr-x 1 root root 112 Feb 13 2024 KLsig010101_01.en2
-rwxr-xr-x 1 root root 64 Feb 13 2024 kss.inx.eng
[Expert@Company-FW3]#
[Expert@Company-FW3]# cat KLsig010101_01.en2
▒r#▒▒0▒ěP#▒▒▒Q▒▒▒t▒▒+}▒▒▒▒?G=▒A▒i▒Qi▒▒;|Cu▒▒-3▒hUk▒▒▒▒Cnr[▒▒P$▒5▒:▒▒MTy▒▒D▒▒-▒9▒Ѱ▒#b▒U$▒▒▒oB▒jC▒▒PuTTY
[Expert@Company-FW3]#
[Expert@Company-FW3]# cat kss.inx.eng
KLsig010101_01.en2 112
1247058927 Wed Jul 8 11:11:00 UTC 2009
[Expert@Company-FW3]#

System Log:
16:08:24 15 Oct 2024 Warning [Online Update] New Anti Virus: Check now failed: Check failed due to configuration errors

PhoneBoy · ‎2024-09-04

What is the precise version/JHF of the gateways and management?
What does cpstat -f update_status antimalware say on the gateway?

Emil_T · ‎2024-10-15

Unable to run this command.

It is managed

Quantum Spark 1800 Appliance
Version: R81.10.07 (996001430)

PhoneBoy · ‎2024-10-15

The command should work on SMB as well.
Here's the output from my R81.10.15 unit (local management):

[Expert@E1590]# cpstat -f update_status antimalware

AB Update status: 
AB Update description: 
AB Next update description: 
AB DB version: 
AV Update status: new
AV Update description: Gateway was updated with database version: 2410152033. Package date: Tue Oct 15 03:00:00 2024
.
AV Next update description: The next update will be run as scheduled.
AV DB version: 2410152033

Emil_T · ‎2024-10-15

Sorry my mistake:

Company-FW3> cpstat -f update_status antimalware

AB Update status:
AB Update description:
AB Next update description:
AB DB version:
AV Update status:
AV Update description:
AV Next update description:
AV DB version:

the_rock · ‎2024-09-04

Can you open old school sv monitor and see if it shows the same?

Andy

Emil_T · ‎2024-10-15

How can I open it?

Are you a member of CheckMates?

anti-virus update status "unknown" in GW monitor (SmartConsole)