cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted

How to update Linux Threat Prevention DAT files through ePO?

Hello,

I know you can update Linux Threat Prevention DAT files manually offline without EPO but can it support having it's DAT file updated through ePO like for Windows?

24 Replies
Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 25

Re: How to update Linux Threat Prevention DAT files through ePO?

Yes, you just have to have the content in the epo repository and set up an update task for it.  Any existing update task should do, as long as you also have dat checked as option to update.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Highlighted

Re: How to update Linux Threat Prevention DAT files through ePO?

I have the update task setup and I thought that would do the trick but seems like it still hasn't updated. I may have the settings wrong? Note that my ePO is setup on-prem in an isolated room with no internet. Here is what I have for the Linux client:

./mfetpcli --version
McAfee Endpoint Security for Linux Threat Prevention
Version : 10.7.0.351
License : Full
DAT Version : 999.0
DAT Date : 02-01-2020
Engine Version : 6010.8670

 

ePO:

mcafee1.JPG

mcafee2.JPG

 

Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 4 of 25

Re: How to update Linux Threat Prevention DAT files through ePO?

Has it ever updated?  If so, when did issue start?  What agent version are you running?  5.5.1 has some scheduling issues, etc., so you might want to update it.  Also, since you are not connected to internet, make sure your system has the right root certificates.  You might want to check out https://kc.mcafee.com/corporate/index?page=content&id=S:KB92631.

Also check out https://kc.mcafee.com/corporate/index?page=content&id=KB92937

I would also suggest updating the agentkeyupdater package as well as the msgbus cert updater package and enable them in the update task.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 5 of 25

Re: How to update Linux Threat Prevention DAT files through ePO?

If none of those help, then check this out:

https://community.mcafee.com/t5/ePolicy-Orchestrator/HOW-TO-TROUBLESHOOT-CLIENT-UPDATE-DEPLOYMENT-FA...

 

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Highlighted

Re: How to update Linux Threat Prevention DAT files through ePO?

It's always been like this after setup. Never once been successful in getting updated DAT from ePO. The agent version for Linux is: 5.6.5.236

Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 7 of 25

Re: How to update Linux Threat Prevention DAT files through ePO?

Check the mcscript log on the client to see why it is failing.  That article I referred you to should show log locations.  I believe it would be /var/McAfee/agent/logs

 

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Highlighted

Re: How to update Linux Threat Prevention DAT files through ePO?

Here is the masvc_<hostname>.log after I run "./mfetpcli --runtask --index 3"(which is to manually update), not sure if it has any relation:

2020-06-02 07:13:33.013 (46727.46727) Updater.Info: Received updater request initiator_type=0 request_type=0 taskid={3dcf2e30-a4db-11ea-31e8-21855b7ef6fb}.
2020-06-02 07:13:33.013 (46727.46727) Updater.Info: Creating on Demand updater request, task id = {3dcf2e30-a4db-11ea-31e8-21855b7ef6fb}.
2020-06-02 07:13:33.013 (46727.46727) Updater.Info: Adding the updater request taskid <{3dcf2e30-a4db-11ea-31e8-21855b7ef6fb}> in the queue.
2020-06-02 07:13:33.017 (46727.46727) reporank.Info: Policy change as got from Configurator <0>
2020-06-02 07:13:34.035 (46727.46727) Updater.Info: Invoking mue as, [/opt/McAfee/agent/bin/Mue_InUse -script /var/McAfee/agent/update/UpdateMain.McS -id 849398106 -localeid 0409 -logfile /var/McAfee/agent/logs/McScript.log -parent FRAMEWORK -initiator 0 -installdir /opt/McAfee/agent//lib -taskid {3dcf2e30-a4db-11ea-31e8-21855b7ef6fb} (null) ].
2020-06-02 07:13:34.038 (46727.46727) Updater.Info: Updater engine is spawned successfully.
2020-06-02 07:13:34.038 (46727.46727) Updater.Info: Creating mue event handler.
2020-06-02 07:13:34.038 (46727.46727) Updater.Info: Created mue event handler.
2020-06-02 07:13:34.038 (46727.46727) Updater.Info: Launched updater engine successfully.
2020-06-02 07:13:34.038 (46727.46727) Updater.Info: Updater session started for initiator type=0, task id = <{3dcf2e30-a4db-11ea-31e8-21855b7ef6fb}>.
2020-06-02 07:13:34.110 (46727.46727) msgbus.Warning: hash comparisons match failed
2020-06-02 07:13:34.158 (46727.46727) proxy_detect.Info: no system proxy, proxy detect returns rc <7>
2020-06-02 07:13:34.183 (46727.46727) proxy_detect.Info: no system proxy, proxy detect returns rc <7>
2020-06-02 07:13:34.183 (46727.46727) proxy_detect.Info: no system proxy, proxy detect returns rc <7>
2020-06-02 07:13:34.183 (46727.46727) Repository.Error: detect system proxy failed <rc = 12>.
2020-06-02 07:13:39.184 (46727.46727) Updater.Info: Script Event : EID:0, Sev:0, ProductId:EPOAGENT3000, Locale:0409, Type:N/A, State:1, Error:0, NewVersion:N/A, Date:N/A, Message:
2020-06-02 07:13:39.184 (46727.46727) Updater.Info: Script Event msg iEventId "0" iSeverity "0" iProductId "EPOAGENT3000" iLocale "0409" iUpdateType "N/A" iUpdateState "1" iUpdateError "0" iNewVersion "N/A" iDateTime "N/A" iCustomMessage ""
2020-06-02 07:13:44.198 (46727.46727) Updater.Info: Updater engine exited with exit status as 0 and term signal 0.
2020-06-02 07:13:44.200 (46727.46727) scheduler.Info: Scheduler: Task [{3dcf2e30-a4db-11ea-31e8-21855b7ef6fb}] is finished
2020-06-02 07:13:44.202 (46727.46727) scheduler.Info: The task {3dcf2e30-a4db-11ea-31e8-21855b7ef6fb} is freed

Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 9 of 25

Re: How to update Linux Threat Prevention DAT files through ePO?

The mcscript log is the one you need to be looking at.

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

Highlighted

Re: How to update Linux Threat Prevention DAT files through ePO?

Hmm I'm reading the McScript.log file but it doesn't seem to update after the update command task I enter is finished:

/opt/McAfee/ens/tp/bin/mfetpcli --runtask --index 3

I also updated the agentkeyupdater package as well as the msgbus cert updater package

 

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community