Demin_Mikhail
Explorer

Threat Emulation update error

Hello team,

I get similar errors with Threat Emulation on some GWs (relevant for 80.30 and 80.40). You can see the examples in the pictures image001 and image002.

Following sk181633, I solved the problem with Java: I just deleted the corrupted revision, restarted the TED process and started the update.

In the Exe_Analyzer case I didn't find an sk, but the symptoms look like the symptoms from sk181633, sk169100 and sk163596. In te_file_downloader.elg we have logs like this:

[TE (TD::Important)] main_te_fileDownloader: all arguments are valid: file type: te_exe_analyzer, version: gulliver, UID: 2859c07d-1f23-464a-92cd-f9f1ead26915, revision: 5911341, hash: 191339124, maxDownloadSpeedInBytes: 0, destination directory: /var/log/files_repository/Analyzer/2859c07d-1f23-464a-92cd-f9f1ead26915/5911341, proxy address: , porxy port: 0
[TE (TD::Important)] main_te_fileDownloader: proxy address string is:()
[TE (TD::All)] te::AttributeReader::AttributeObjectHandlerString::FetchAttribute: Failed to read attribute data, can't find value for attribute: download_center_path in attributes object, this might indicate that this attribute was not set yet
[NOTICE] http_client_create: CURL initialized successfully.
[NOTICE] http_client_create: curl init finished successfully
[NOTICE] FDTparser_create: FDTParser created succesfully.
http_client_set_opts: set proxy to
FDT_tderror_hide_password: called from create_info_soap
FDT_tderror_hide_password: invalid arguments
assert_ca_bundle_path: CA bundle path is "/opt/CPshrd-R80.40/conf/ca-bundle.crt"
[NOTICE] http_client_get_imp: Before performing POST operation. url=https://updates.checkpoint.com/WebService/services/DownloadMetaDataService. cert path=/opt/CPshrd-R80.40/conf/ca-bundle.crt
[INFO] http_client_handle_finished_download: HTTP code=200. Error String:No error
Error Buffer=<NULL>

and this:

[TE (TD::Important)] get_file: iterating over files...
[TE (TD::Important)] get_file: File revision (<revision number>), does not match required file's revision (<revision number>), skipping...

and this:

[NOTICE] http_client_destroy: Free HttpClient memory - Done

[TE (TD::Critical)] main_te_fileDownloader: failed getting file

tecli show downloads ea shows status "Trying to download" (tecli_ea_1.txt) or status "Downloading" that gets stuck at some point (tecli_ea_2.txt).

I tried to resolve the issue with Exe_Analyzer in a similar way: I deleted the problem revisions from /var/log/files_repository/Analyzer/, restarted the TED process and tried to download updates again with tecli advanced download update all. But this did not resolve the issue.

I have no more ideas and would appreciate it if anyone could help.

Thanks.

Mikhail Demin, information security engineer, CCSE
0 Kudos
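
The log patterns quoted in the post above can be triaged mechanically. The following is an added example, not part of the original thread and not Check Point code: a shell function that groups te_file_downloader.elg lines by download attempt and reports which requested revision ended in "failed getting file" and how many repository revisions were skipped as mismatched. The function names and the sample lines are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not Check Point code): summarise download attempts recorded in
# te_file_downloader.elg, using only the message patterns quoted in the post.

te_dl_summary() {
    # Reads log lines from the files given as arguments, or from stdin if none.
    awk '
    function field(key,    s, i) {      # value following key, up to the next comma
        i = index($0, key); if (!i) return "?"
        s = substr($0, i + length(key)); sub(/,.*/, "", s); return s
    }
    function report(status) {
        printf "%s type=%s revision=%s skipped_revisions=%d\n", status, ftype, rev, skipped
        active = 0
    }
    /main_te_fileDownloader: all arguments are valid/ {
        if (active) report("no-failure-logged")   # previous attempt had no Critical line
        ftype = field("file type: "); rev = field("revision: "); skipped = 0; active = 1
        next
    }
    /does not match required file.s revision/ { if (active) skipped++; next }
    /main_te_fileDownloader: failed getting file/ { if (active) report("FAILED"); next }
    END { if (active) report("no-failure-logged") }
    ' "$@"
}

te_dl_sample() {
    # Constructed sample lines modelled on the post; UID, revisions and hash are made up.
    cat <<'EOF'
[TE (TD::Important)] main_te_fileDownloader: all arguments are valid: file type: te_exe_analyzer, version: gulliver, UID: 00000000-0000-0000-0000-000000000000, revision: 1000002, hash: 1, maxDownloadSpeedInBytes: 0
[TE (TD::Important)] get_file: iterating over files...
[TE (TD::Important)] get_file: File revision (1000001), does not match required file's revision (1000002), skipping...
[TE (TD::Important)] get_file: File revision (1000000), does not match required file's revision (1000002), skipping...
[NOTICE] http_client_destroy: Free HttpClient memory - Done
[TE (TD::Critical)] main_te_fileDownloader: failed getting file
[TE (TD::Important)] main_te_fileDownloader: all arguments are valid: file type: te_exe_analyzer, version: gulliver, UID: 00000000-0000-0000-0000-000000000000, revision: 1000003, hash: 2, maxDownloadSpeedInBytes: 0
[TE (TD::Important)] get_file: iterating over files...
EOF
}

# Demo on the constructed sample.
te_dl_sample | te_dl_summary
```

To use it on a gateway, pass the path of te_file_downloader.elg to te_dl_summary. "no-failure-logged" only means that no "failed getting file" line followed that attempt in the input.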
5 Replies
PhoneBoy
Admin

R80.30 and R80.40 are End of Support versions, FYI.
You might need to apply the update manually: https://support.checkpoint.com/results/sk/sk92509 

0 Kudos
Demin_Mikhail
Explorer

Yes, I know that 80.30/80.40 is EOL. But I thought that the 80.30/80.40 gateways are able to download current updates for Threat Emulation anyway. Am I wrong?

Mikhail Demin, information security engineer, CCSE
0 Kudos
PhoneBoy
Admin

Yes, but refer to the following important note in the SK:

image.png

0 Kudos
Demin_Mikhail
Explorer

One more question: if I decide to update Threat Emulation manually following sk92509, what package do I need in my case with the exe_analyzer issue? Basic or slim package?

Mikhail Demin, information security engineer, CCSE
0 Kudos
PhoneBoy
Admin

I'd go with the Slim package, if it were me.

0 Kudos
