Log in

Sangfor Support Center

Table of Contents
< All Topics
Print

[SCP] SCP keeps telling us that the alarm rule base has not been updated for xxx days. It is recommended to update it manually immediately.

Posted
Updated
Byadmin
Views4

Problem Description

SCP prompts that the rule base has not been updated for a long time. I check the rule base date and it is not automatically updated to the latest. Why does the automatic update not take effect?

Warning Information

Effective troubleshooting steps

  1. It is suspected that the asec VM cannot communicate with the rule base server, resulting in the rule base not being automatically updated. The ping test found that it can communicate with the rule base server.
  2. Check the platform vulnerability library and patch Service Pack EDR. The current version is the latest in the community.
  3. After consulting R&D, we learned that the rule base for the alarm on SCP does not belong to EDR, but is a rule base for network attack protection. The reason why automatic upgrade is not updated is that the online rule base of the asec product has not been uploaded yet (the offline upgrade file of the rule base needs to be manually imported first).
    Offline package and AF share:
    https://support.sangfor.com.cn/productSoftware/list?product\_id=13&category\_id=127 



Root cause

The asec product online rule library has not been uploaded, so the automatic update has not taken effect (currently being processed as soon as possible internally)

solution

After manually downloading and importing the offline upgrade file of the rule base, the rule base is updated to the latest version, and the SCP no longer continues to alarm.

Operation Impact Scope

None

Is this a temporary solution?

Yes

Suggestions and Conclusion

You can first obtain the information of the rule base corresponding to the alarm, and manually download the offline upgrade file imported into the rule base.
If the alarm vulnerability library version on SCP is not updated, you can manually update the vulnerability library on EDR (refer to the following kb)
http://tskb.sangfor.com/forum.php?mod=viewthread&tid=33778&search=412533446f465a456f4c6e42356a32&highlight=

Original Link

https://support.sangfor.com.cn/cases/list?product_id=36&type=1&category_id=25212&isOpen=true