For few systems AMCore/DAT is showing updated in ENS console as well as in ePO console but in regisrty it is showing outdated. May I know the reason why it is not showing updated in regisrty?
Thank you for your post! Nice to see you active here! May I know which registry location you are referring to? I shall look into this for you.
😄 That location sounds about right. Are you looking for the version number under dwContentMajorVersion ?
Although, We would not recommend referring to the registry key as this is only for the product itself to digest the update and have the keys updated, however, not for User reference Is the endpoint not updating fine? Any specific reason for looking into a registry reference for updated stratus of endpoint security?
Ya Adi . from dwContentMajorVersion i'm checking.
Actually the monitoring tool is fetching data from the registry on individual server to check the compliance status of AV on a daily basis. As the content version is showing outdated in registry it is triggering an alert .
Ah, That makes perfect sense! May I know the data present on this location ?
For example, Today's Definitions as of now as per https://www.mcafee.com/enterprise/en-us/downloads/security-updates.html?region=us is 3895.
Also, Can you kindly confirm what do you see from the below location as well?
Value of CMajor is to be looked into here. It would be helpful if you can help us with Screenshots as well!
From the location Computer\HKEY_LOCAL_MACHINE\SOFTWARE\McAfee\Endpoint\AV\AVCM it is showing as updated 3895.
I checked the affected server around 7:15 IST on 18th Nov. The server system date is showing as 19th Nov . And in registry the szContentCreationDate is showing as 16th Nov.🙄🤔😥
Hi @Sudip1 ,
Thank you for the update. Weird! What is the version number in here? The version 3895 bears 17 Nov as the Creation date and my machine date is 18 November. Content creation date of 16 Nov should have 3894 or 3893.
May I know what it shows? Can you run an update task or Update now and check if these values are updated in these locations?
Thank you for your screenshots. The machine does look genuinely out of date since the screenshot shows date as 19 November (considering the timezone, 17th November's definition should be present if the dat update was being run every day successfully).
This definitely looks weird. But, May I know why this date is being referred to? Is this the date that is being used by the third party software to validate the endpoint's compliance?
Can you kindly try running dat update locally from https://www.mcafee.com/enterprise/en-us/downloads/security-updates.html and check these locations again to confirm if the same issue happens?