Antivirus Database and IOA / IOC library is not updated
Issue Description
The customer reports that the IOA / IOC library is not updating; the database version is very old.
Handling Process
1. Check whether the Endpoint Secure Manager is able to communicate with the download servers.
| Database | Links |
|---|---|
| VirusDB | https://download.sangfor.com |
| IOA | download.sangfor.com.cn |
| IOC | intelligence.sangfor.com.cn |
2. Ensure the ES Manager can telnet to ports 80 and 443 on the download servers and can ping them.
3. Enable debug logs.
Command: touch /tmp/eps_debug
4. Check the following logs for further investigation.
[VirusDB]
/sf/edr/manager/var/log/vdbupdate/
/sf/edr/manager/var/log/patch_upgrade/
[ioa/ioc]
/sf/edr/manager/var/log/sfeupdrule/
/sf/edr/manager/var/log/upgrade/
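The connectivity checks in steps 1 and 2 can be scripted so that the result is reproducible and can be attached to a firewall change request. This is an added example, not a Sangfor tool; it assumes `bash`, coreutils `timeout` and `ping` are available on the ES Manager shell, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: reachability check for the download servers listed in step 1.
# Assumption: bash, coreutils `timeout` and `ping` exist on the ES Manager.

LINKS="VirusDB=https://download.sangfor.com
IOA=download.sangfor.com.cn
IOC=intelligence.sangfor.com.cn"
PORTS="80 443"

# Reduce a table entry (URL or bare hostname) to the hostname only.
host_of() {
    printf '%s\n' "$1" | sed -e 's#^[A-Za-z][A-Za-z0-9+.-]*://##' -e 's#[/:].*$##'
}

# TCP connect test, the scripted equivalent of "telnet host port".
check_port() {
    timeout 5 bash -c 'exec 3<>"/dev/tcp/$0/$1"' "$1" "$2" 2>/dev/null
}

# ICMP test as in step 2 (one echo request, 3 second wait).
check_ping() {
    ping -c 1 -W 3 "$1" >/dev/null 2>&1
}

# Print one line per check; return non-zero if anything is blocked.
run_checks() {
    rc=0
    for entry in $LINKS; do
        name=${entry%%=*}
        host=$(host_of "${entry#*=}")
        if check_ping "$host"; then echo "$name $host ping OK"
        else echo "$name $host ping FAIL"; rc=1; fi
        for port in $PORTS; do
            if check_port "$host" "$port"; then echo "$name $host tcp/$port OK"
            else echo "$name $host tcp/$port FAIL"; rc=1; fi
        done
    done
    return $rc
}

# Run only when asked, e.g.: sh check_update_servers.sh run
if [ "${1:-}" = "run" ]; then run_checks; fi
```

Any FAIL line identifies the server and port to raise with the firewall team before going through the debug logs.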
Root Cause
The customer environment has strict network control that does not allow Endpoint Secure to communicate with the download server.
Solution
Check the firewall rules in the customer environment and ensure that the ES Manager has access to the download servers.
If only VirusDB is not updating, refer to this KB:
https://kb.sangforsupport.com/support-center/uncategorized/antivirus-database-is-not-updated-on-the-es-manager/
Suggestions
Other servers:
