If the file is torn while downloading from the internet, definitely it is because of the network device. One of your network device thinks that some suspicious file being downloaded from internet.

Was my reply helpful?

If you find this post useful, please give it a Kudos! Also, please don't forget to select "Accept as a soultion" if this reply resolves your query!

Hi LKS,

Thanks for checking. I've been attempting my downloads from 3 different networks, the ePO-triggered ones are from the environment network, and manual downloads from https://www.mcafee.com/enterprise/en-us/downloads/security-updates.html with 2 other networks, which are an unrelated office connection and a datacentre guest wifi. It seems unlikely that the same file will get chewed up by network devices on 3 different networks.

In any case, I've managed to get a clean download of just avvdat-9412.zip from http://update.nai.com/products/commonupdater/ though. If I unpack the avvepo9412dat.zip from the Security Updates site, replace the broken avvdat-9412.zip and zip it back up again, will this repacked package be accepted by ePO or does McAfee sign its update packages?

If you are able to download a clean copy of ZIP file from McAfee product download then checkin into ePO Master Repository. But do not replace the file which you downloaded from update.nai.com.

The reason : 

When you download from Product download site, the zip file contains signature details, PkgCatalog.z file and other supported files and there will be some sequence process should follow when you push it to client machine. If you are manually try to replace the corrupted files, it will never going to work.

Best i would suggest completely whitelist the following URL "http://update.nai.com", on your network appliance and try again from EPO. In my experience 99.99999% of the case ended up on network device.

Was my reply helpful?

If you find this post useful, please give it a Kudos! Also, please don't forget to select "Accept as a soultion" if this reply resolves your query!

Sometimes it depends on the time of day you are pulling the file.  We have many update servers and when they are being replicated to, you may get a partial file because it hasn't finished being replicated to.  We always advise try different times of day an you can also try one of the other commonupdater sites.  There is commonupdater, and commonupater2 that you can alternate between when that happens.  

Hi @Wu_Yuxuan 

Can you also kindly check and confirm if this issue pops up with 9413 as well since it has already been released?

Hi all,

It was still happening with 9413, but seems to be a problem with the commonupdater directory specifically. I've added commonupdater2 & 3 to the Source Sites and tested them successfully with a repo update server task, so for now my workaround is to have 1 master repo update task for each site, broadly spaced out so they don't waste bandwidth and hammer the site.

The entries in epoapsvr log are quite similar to the case posted by @Hem, but I have hr=-112 instead. Below is a log snippet of the failed update attempts.

20191017115533 I #01304 INETMGR Downloaded file avvdat-9412.zip successfully in session 1, size=130735277, SHA1 hash=80EF18B69839DCE6304D6B890329D8FE228BEA8D, SHA256 hash=578E208D608EC6E5F853BE328F836BE1D0BBCFE8A7E2925BF328FA4E070223A2.
20191017115534 E #01304 SITEMGR SiteMgrHelper.cpp(115): File SHA1 hash code verification for C:\Windows\TEMP\nai42C.tmp\00000002\avvdat-9412.zip failed.
20191017115534 E #01304 SITEMGR Mirror.cpp(1145): Verify file avvdat-9412.zip size and hash failed, hr=-112
20191017115534 I #01304 SRVEVTINF Database initialization: Starting.
20191017115534 I #01304 NAISIGN Found master install key, decoding
20191017115534 I #01304 MFEFIPS Loading: "C:\PROGRA~2\McAfee\EPOLIC~1\x64", Role = Officer, Mode = Normal
20191017115534 I #01304 MFEFIPS Module Initialized.
20191017115534 I #01304 MFEFIPS MFEFIPS_Status() returned 1
20191017115534 I #01304 SRVEVTINF Database initialization: Succeeded.
20191017115534 I #01304 NAINET HTTP Session closed