https://community.cisco.com/t5/endpoint-security/outdated-definitions/m-p/3763579#M4776 <P>Hi both,</P><P>&nbsp;</P><P>We didn't get this working in the end, or at least I never found out the cause. The endpoints that hadn't been updated would suddenly show as compliant days later - so it could be the bug Jetsy linked. I didn't make any changes myself to our settings.</P><P>&nbsp;</P><P>Thanks.</P> Fri, 14 Dec 2018 09:10:18 GMT harrysocker 2018-12-14T09:10:18Z https://community.cisco.com/t5/endpoint-security/outdated-definitions/m-p/3365498#M4720 <P>I'm currently trialling AMP for Endpoints and have found there's no consistency with the status of the connectors I've installed on machines. Some show that the definitions are up to date. Some show as 'outdated definitions'. There isn't anything referenced in the documentation I've seen or on the forum.</P> <P>&nbsp;</P> <P>Is there a way to force the clients to update, either from client side or the portal? What prompts the connector to download new definitions that are available?</P> <P>&nbsp;</P> <P>Thanks for any help.</P> Sat, 09 Mar 2019 01:47:19 GMT https://community.cisco.com/t5/endpoint-security/outdated-definitions/m-p/3365498#M4720 harrysocker 2019-03-09T01:47:19Z https://community.cisco.com/t5/endpoint-security/outdated-definitions/m-p/3365924#M4721 <P>Hello Harry</P> <P>&nbsp;</P> <P>Did you added the required server address based on the Cloud that you have registered account with ?</P> <P>&nbsp;</P> <P><A href="https://www.cisco.com/c/en/us/support/docs/security/sourcefire-amp-appliances/118121-technote-sourcefire-00.html" target="_blank">https://www.cisco.com/c/en/us/support/docs/security/sourcefire-amp-appliances/118121-technote-sourcefire-00.html</A></P> <P>&nbsp;</P> <P>If you want to schedule the new&nbsp;connector&nbsp; updates, then you can schedule it accordingly in the Management &gt; Policies.</P> <P>&nbsp;</P> <P>Regards</P> <P>Jetsy&nbsp;&nbsp;</P> <P>Regards</P> <P>Jetsy&nbsp;</P> Sat, 14 Apr 2018 06:19:19 GMT https://community.cisco.com/t5/endpoint-security/outdated-definitions/m-p/3365924#M4721 Jetsy Mathew 2018-04-14T06:19:19Z https://community.cisco.com/t5/endpoint-security/outdated-definitions/m-p/3763502#M4745 <P>OP did you get this sorted? I'm having the same issue as you. I have the policy set with these two options and these are all that I can see that would be required:</P> <P>1. "automatic content updates" this is checked / enabled</P> <P>2. "content update interval" this is set to 1 hour which is the default</P> <P>Both options above around found in edit policy &gt; Advanced &gt; TETRA</P> <P>&nbsp;</P> <P><a href="https://community.cisco.com/t5/user/viewprofilepage/user-id/94963">@Jetsy Mathew</a> - the OP is talking about TETRA definitions, not software or AMP client update</P> Fri, 14 Dec 2018 06:49:56 GMT https://community.cisco.com/t5/endpoint-security/outdated-definitions/m-p/3763502#M4745 tonypearce1 2018-12-14T06:49:56Z https://community.cisco.com/t5/endpoint-security/outdated-definitions/m-p/3763529#M4757 <P>Hello Tony</P> <P>&nbsp;</P> <P>Is this was something working previously? In the following link there are server address that you should allow for the successful tetra definition update based on the cloud that you have registered with. Just make sure based on the cloud (EU,APJC,NAM) allow the traffic and make sure no inspection happens on the same.</P> <P>&nbsp;</P> <P><A href="https://www.cisco.com/c/en/us/support/docs/security/sourcefire-amp-appliances/118121-technote-sourcefire-00.html" target="_blank">https://www.cisco.com/c/en/us/support/docs/security/sourcefire-amp-appliances/118121-technote-sourcefire-00.html</A></P> <P>&nbsp;</P> <P>If its still doesnt work then its better to get a wireshark capture&nbsp;for a day or so from any of those workstation which shows definition outdated along with the diagnostics file and submit it to the Cisco TAC.</P> <P>&nbsp;</P> <P>Just fyi there was a known bug which got fixed sometime back.</P> <P>&nbsp;</P> <P><A href="https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj58637/?reffering_site=dumpcr" target="_blank">https://bst.cloudapps.cisco.com/bugsearch/bug/CSCvj58637/?reffering_site=dumpcr</A></P> <P>&nbsp;</P> <P>But if the issue has started recently then please contact the Cisco TAC and we will help you on the same.</P> <P>&nbsp;</P> <P>Regards</P> <P>Jetsy</P> Fri, 14 Dec 2018 07:31:57 GMT https://community.cisco.com/t5/endpoint-security/outdated-definitions/m-p/3763529#M4757 Jetsy Mathew 2018-12-14T07:31:57Z https://community.cisco.com/t5/endpoint-security/outdated-definitions/m-p/3763579#M4776 <P>Hi both,</P><P>&nbsp;</P><P>We didn't get this working in the end, or at least I never found out the cause. The endpoints that hadn't been updated would suddenly show as compliant days later - so it could be the bug Jetsy linked. I didn't make any changes myself to our settings.</P><P>&nbsp;</P><P>Thanks.</P> Fri, 14 Dec 2018 09:10:18 GMT https://community.cisco.com/t5/endpoint-security/outdated-definitions/m-p/3763579#M4776 harrysocker 2018-12-14T09:10:18Z