recently we received the information, that on several clients the following error occurs:
Updates were not applied because of a detection script download/verification error: JTICLIENTMETA.
Afterwards the "Unable to find valid repository" error appears.
The error was reported on machines with installed VSE and ENS.
It probably happend after the check-in of VSE 8.8 Patch 13. Currently the following version of the Threat Intelligence Exchange module for VirusScan Enterprise is checked-in: 10.6.1.1191.
Could you please give an advice, how the resolve this issue?
The "Unable to find valid repository" error means that the system was unable to reach the defined repository (your ePO/ agent handlers/etc) to grab the updates. Usually a network issue causes this error i.e. a firewall is blocking or a proxy is incorrectly configured.
Is the system getting the other updates ok? i.e. the DAT Update content? And if yes, it may be worth checking in the logs to see if it is getting the updates from which repository.
If you search the mcscript log on one of the clients for "Unable to find valid repository" you will be able to identify if this error is occurring just for this update type or for others too.
thank you for the reply. All updates seem to be OK, DAT Signatures are up to date, Task, that were sent from ePO are also working on the endpoints, sot it could not be a network issue.
The "Unable to find repository" occurs just after the JTICLIENTMETA error - it seems, that for some reason the script cannot be downloaded/verified.
It would be important to see what errors occur when it says unable to find repository. In the mcscript log you should be able to see some errors such as curl error 6 (as an example). This is help understand why it can't reach the repository. If you are able to share the log extract, I'm happy to take a look otherwise I would encourage you to raise a support case with us and upload the logs so we can perform an analysis.
This isn't really an issue we can speculate on what is causing it, as there could be many reasons for failure.
Thank you for your post and response.
Can you kindly look into the mcscript log (%programdata%\Mcafee\Agent\logs) and check where exactly it is failing? You can pass the log over to us and we can have a look into it for you.
I was just going through some previous instances where this has happened and it usually points to the download of JtiContentDetection.mcs. This can definitely vary in your end. If this is the case, Can you try using the download links available in log to manually try and download this file via browser? If it is failing via browser, Can you help us with the response error as well? I am curious to know if this file is actually present in your repository in the mentioned location as per the logs.
if you are unsure of what location you should look into, please help us with the logs and let us investigate with the same.
I have checked the McScript.log and found the following entry:
2019-09-05 08:58:57 I #6204 ScrptMgr Setting the working dir as C:\ProgramData\McAfee\Agent\\Current\JTICLIENTMETA
2019-09-05 08:58:57 I #6204 ScrptExe Line 614: RunScript dwRet = C:\ProgramData\McAfee\Agent\\Current\JTICLIENTMETA\JtiContentDetection.McS, ScriptMain
2019-09-05 08:58:57 I #6204 ScrptMgr Loading and parsing: C:\ProgramData\McAfee\Agent\\Current\JTICLIENTMETA\JtiContentDetection.McS
2019-09-05 08:58:57 I #6204 ScrptExe Executing section: [ScriptMain]
2019-09-05 08:58:57 I #6204 ScrptMgr Beginning Content 18.104.22.1688 detection
2019-09-05 08:58:57 I #6204 ScrptExe Executing section: [InitThisScript]
2019-09-05 08:58:57 I #6204 ScrptMgr Checking whether Threat Intelligence Exchange module is installed or not
2019-09-05 08:58:57 I #6204 ScrptExe Executing section: [IsProductInstalled]
2019-09-05 08:58:57 I #6204 ScrptExe Executing section: [CheckForProducts]
2019-09-05 08:58:57 I #6204 ScrptExe Executing section: [CheckForVseTie]
2019-09-05 08:58:57 I #6204 ScrptExe Executing section: [CheckForEnsTie_1000]
2019-09-05 08:58:57 I #6204 ScrptExe Executing section: [CheckForEnsTie_1020]
2019-09-05 08:58:57 I #6204 ScrptExe Executing section: [NotifyProductNotFound]
2019-09-05 08:58:57 I #6204 ScrptMgr The Threat Intelligence Exchange module is not installed
There was no link with the JtiContentDetection.mcs, I guess, it was already downloaded.
Is it a normal VSE behavior, that, even, when the module is not installed, it tries to run the mentioned script?
Great finding! As you can see the script has found the VSE TIE Module isn't installed and so therefore the content can't be updated.
The script which is run by the agent, will execute for anything you have specified in your update task. As you can see it runs a detection script first and will only download + install the content if a related product is installed.
thanks for the quick help, I will give you feedback, when the issue will be checked from the update task site.
You got it! As @chealey pointed out, the product is not present. The product that will work with this is called Threat Intelligence Exchange Module for VirusScan Enterprise.
Unless this product component is present, this update is invalid. May I know if this component is being used in your environment?