AntiSpam & Antivirus Automatic Scheduled Updates Problem

jnourbakhsh
Level 1

Hi Dear Support

According to the Security Service -> Automatic Updates Period time, the ESA tries to get the latest updates for all modules. Most of the time I see it works, but not for all modules (as per the attached screenshots).

But when I run the following commands in CLI mode, all Antivirus & AntiSpam modules are updated. So could you please help me with why it happened & how I can get all module updates at the same time?

I know that some parts of the modules frequently get updates each day (e.g. Antivirus/AntiSpam signatures), but why, when I run the commands from the CLI, are all of them updated at the same time?

1. updatenow force

2. talosupdate force

AntiSpam.jpg

Antivirus.jpg

Before running the commands from the CLI

AntiSpam_Updates.jpg

Antivirus_Updates.jpg

After running the two commands.

 

Best Regards

3 Replies

group2xxx
Level 1

Hi Cisco Support Team

I have the same problem. Why has nobody answered the questions? Please answer as soon as possible.

 

Thanks, Janet

Prab
Level 1

Hi,

 

Normally the ESA will auto-update and install the new signatures and you do not need to perform any manual operations.

Make sure that the ESA has connectivity to the Cisco content servers and is able to download the updates.

Ref: https://www.cisco.com/c/en/us/td/docs/security/esa/esa14-0/user_guide/b_ESA_Admin_Guide_14-0/b_ESA_Admin_Guide_12_1_appendix_0101111.html

 

You could check the "Updater Logs" to see why the updates are not happening.

I would recommend creating a support case and getting assistance from the TAC. It could be a potential bug.

 

Cheers,

Prab

dmccabej
Cisco Employee

Hello,

 

Thank you for reaching out. I just wanted to let you know that this is expected behavior and nothing to be concerned with. By default, the Email Security Appliance (ESA) will reach out for updates and pull down any pending updates every 5 minutes; however, this does not mean that updates are available every 5 minutes. You will normally see that rules/IDEs are updated many times throughout the day, while for things like core/engines, it may be weeks or longer between updates. 

 

The only reason why the Last Update time was updated is that you ran the force commands, which will essentially re-download and apply everything no matter if they are currently up to date or not. Though, if you look at the versions of the core/engine files before and after running the update, you can see that they are identical.

 

Here is an example from my lab which shows the same:

 

(Machine test.lab.local)> antispamstatus ironport

Component                 Last Update                     Version
CASE Core Files           04 Aug 2021 22:00 (GMT +00:00)  3.10.0-038
CASE Utilities            04 Aug 2021 22:00 (GMT +00:00)  3.10.0-038
Structural Rules          16 Aug 2021 12:26 (GMT +00:00)  3.10.0-20210816_080001
Web Reputation DB         15 Aug 2021 03:15 (GMT +00:00)  20210815_033129
Web Reputation DB Update  16 Aug 2021 12:36 (GMT +00:00)  20210815_033129-20210816_130106
Content Rules             11 Aug 2021 14:07 (GMT +00:00)  20210811_071747
Content Rules Update      16 Aug 2021 12:36 (GMT +00:00)  20210816_130257
Bayes DB                  15 Aug 2021 21:24 (GMT +00:00)  20210815_203821-20210815_215005

 

Thanks!

-Dennis M.
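
The check described in the last reply (compare versions, not Last Update times), as an added example that is not part of the thread or Cisco's own tooling: it parses two saved `antispamstatus` snapshots and labels each component. The function names are hypothetical, and the `AFTER` snapshot is constructed for illustration.

```python
import re
from datetime import datetime

# Row shape taken from the antispamstatus output quoted in the reply:
# <component> <DD Mon YYYY HH:MM> (GMT +HH:MM) <version>
ROW = re.compile(
    r"^(?P<name>.+?)\s+(?P<ts>\d{2} \w{3} \d{4} \d{2}:\d{2}) "
    r"\(GMT (?P<tz>[+-]\d{2}:\d{2})\)\s+(?P<ver>\S+)$"
)

def parse_status(text):
    """Return {component: (last_update, version)}; prompt and header lines are skipped."""
    rows = {}
    for line in text.splitlines():
        m = ROW.match(line.strip())
        if m:
            stamp = f"{m['ts']} {m['tz'].replace(':', '')}"
            rows[m["name"]] = (datetime.strptime(stamp, "%d %b %Y %H:%M %z"), m["ver"])
    return rows

def classify(before, after):
    """'new-version': content changed; 'reapplied': only Last Update moved; 'unchanged'."""
    out = {}
    for name, (ts, ver) in after.items():
        old_ts, old_ver = before.get(name, (None, None))
        if ver != old_ver:
            out[name] = "new-version"
        else:
            out[name] = "reapplied" if ts != old_ts else "unchanged"
    return out

# Rows copied from the lab output in the reply.
BEFORE = """\
Component Last Update Version
CASE Core Files 04 Aug 2021 22:00 (GMT +00:00) 3.10.0-038
Content Rules Update 16 Aug 2021 12:36 (GMT +00:00) 20210816_130257
Bayes DB 15 Aug 2021 21:24 (GMT +00:00) 20210815_203821-20210815_215005
"""
# Constructed sample (not from the post): the same rows after a forced update.
AFTER = """\
Component Last Update Version
CASE Core Files 16 Aug 2021 13:10 (GMT +00:00) 3.10.0-038
Content Rules Update 16 Aug 2021 13:10 (GMT +00:00) 20210816_140512
Bayes DB 16 Aug 2021 13:10 (GMT +00:00) 20210815_203821-20210815_215005
"""

if __name__ == "__main__":
    for name, state in classify(parse_status(BEFORE), parse_status(AFTER)).items():
        print(f"{name:24} {state}")
```

A component reported as `reapplied` was re-downloaded without any change in content, which is the case the reply describes for the core/engine files.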