This website uses Cookies. Click Accept to agree to our website's cookie use as described in our Privacy Policy. Click Preferences to customize your cookie settings.
Accept
Reject
Preferences
ABOUT CHECKMATES CYBER SECURITY COMMUNITY & FAQ
Create a Post
Help
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Are you a member of CheckMates?

×
Sign in with your Check Point UserCenter/PartnerMap account to access more great content and get a chance to win some Apple AirPods! If you don't have an account, create one now for free!
Demin_Mikhail
Explorer
‎2024-09-03 07:12 AM

Threat Emulation update error

Hello team,

 

I get similar errors with Threat Emulation on some gw's (actual for 80.30 and 80.40). You can see the examples on the pics image001 and image002.

 

Following sk181633 i solve the problem with Java: just deleted the corrupted revision, restarted TED process and started the update.

 

In Exe_Analyzer case i didn't find sk but symptoms looks like symptoms from sk181633, sk169100 and sk163596. In te_file_downloader.elg we have logs like this:

 

[TE (TD::Important)] main_te_fileDownloader: all arguments are valid: file type: te_exe_analyzer, version: gulliver, UID: 2859c07d-1f23-464a-92cd-f9f1ead26915, revision: 5911341, hash: 191339124, maxDownloadSpeedInBytes: 0, destination directory: /var/log/files_repository/Analyzer/2859c07d-1f23-464a-92cd-f9f1ead26915/5911341, proxy address: , porxy port: 0
[TE (TD::Important)] main_te_fileDownloader: proxy address string is:()
[TE (TD::All)] te::AttributeReader::AttributeObjectHandlerString::FetchAttribute: Failed to read attribute data, can't find value for attribute: download_center_path in attributes object, this might indicate that this attribute was not set yet
[NOTICE] http_client_create: CURL initialized successfully.
[NOTICE] http_client_create: curl init finished successfully
[NOTICE] FDTparser_create: FDTParser created succesfully.
http_client_set_opts: set proxy to
FDT_tderror_hide_password: called from create_info_soap
FDT_tderror_hide_password: invalid arguments
assert_ca_bundle_path: CA bundle path is "/opt/CPshrd-R80.40/conf/ca-bundle.crt"
[NOTICE] http_client_get_imp: Before performing POST operation. url=https://updates.checkpoint.com/WebService/services/DownloadMetaDataService. cert path=/opt/CPshrd-R80.40/conf/ca-bundle.crt
[INFO] http_client_handle_finished_download: HTTP code=200. Error String:No error
Error Buffer=<NULL>

 

and this:

 

[TE (TD::Important)] get_file: iterating over files...
[TE (TD::Important)] get_file: File revision (<revision number>), does not match required file's revision (<revision number>), skipping...

 

ant this:

 

[NOTICE] http_client_destroy: Free HttpClient memory - Done

[TE (TD::Critical)] main_te_fileDownloader: failed getting file

 

tecli show downloads ea shows status "Trying to download" (tecli_ea_1.txt) or status "Downloading" that stucks in one moment (tecli_ea_2.txt).

 

I was try to resolve the issue with Exe_Analyzer in similar way: i deleted problem revisions from /var/log/files_repository/Analyzer/, restarted TED process and try to download updates again with tecli advanced download update all. But this is not resolve the issue.

 

I have no more idea and would appreciate if anyone helps.

 

Thanks.

Mikhail Demin, information security ingineer, CCSE
Labels
Preview file
42 KB
Preview file
38 KB
Preview file
1 KB
Preview file
1 KB
0 Kudos
5 Replies
PhoneBoy
Admin
Admin
‎2024-09-03 08:29 AM

R80.30 and R80.40 are End of Support versions, FYI.
You might need to apply the update manually: https://support.checkpoint.com/results/sk/sk92509 

0 Kudos
Demin_Mikhail
Explorer
‎2024-09-10 04:51 AM
In response to PhoneBoy

Yes, i know that 80.30/80.40 is EOL. But i thought that the 80.30/80.40 gateways is able to dowload actual updates for Threat Emulation anyway. Am i wrong?

Mikhail Demin, information security ingineer, CCSE
0 Kudos
PhoneBoy
Admin
Admin
‎2024-09-10 10:19 AM
In response to Demin_Mikhail

Yes, but refer to the following important note in the SK:

image.png

0 Kudos
Demin_Mikhail
Explorer
‎2024-09-25 06:38 AM
In response to PhoneBoy

One more question: if i decide the update threat emulation manually following sk92509 so what package i need in my case with exe_analyzer issue? Basic or slim package?

Mikhail Demin, information security ingineer, CCSE
0 Kudos
PhoneBoy
Admin
Admin
‎2024-09-25 10:25 AM
In response to Demin_Mikhail

I'd go with the Slim package, if it were me.

0 Kudos

Leaderboard

Epsum factorial non deposit quid pro quo hic escorol.

View All ≫
Upcoming Events

    CheckMates Events