Cisco AMP - Connector never leaves "Pending Reboot" State
We have pushed updates to the AMP connectors in our server policy around our scheduled maintenance window. During the Window, the servers were updated and restarted as required by both the updates and the connector. Upon reboot, the warning triggered saying that it requires a reboot even though the reboot had completed successfully. The former connector version was approximately 6.3.x and is now on the latest (7.1.7.X). We have a limited window of time to push updates so it's going to be hard to reboot again.
I was able to download the list of devices showing reboot required, write a script to enable the service and then ran a quick scan on the devices. I can see when they check in and pull new definitions, so I think the connector itself is okay, but the warning makes me worry that it isn't actually active. Anyone having this same issue? The OSs the device are running against are a mixture of Server 2016, 2012 and 2008R2 (which I am aware is EOL... don't ask me. It's the customer). Same behavior persists on Windows Connectors for workstation endpoints (Windows 10, and 7).
I have seen the following articles that somewhat address this issue but they appear to be dated by some time:
This is to say I have not tried the full shutdown method as I am not the sysadmin and have no access to their virtual environment to manually bring up these servers. I'd hate to come to the customer to do a hard-kill on some of these devices, so I am hoping this has been addressed in 2020.
Hi Team, I have one exclusion provided by internal team which is Is it right way to exclude ? *\Program Files\XYZ\* , as per Cisco Docs i see its not recommended because it will create performance issue when we use * at starting , So...
Central Log Management using Cisco Security Analytics and Logging, December 2nd at 8am-9:30am PT
Cisco Security Analytics and Logging is Cisco’s Central Log Management solution for Network Operations and Security Outcomes. It is delivered both as a c...
Cyberattacks are more sophisticated than ever and your online presence has never been more critical to the success of your business. Cisco, through its OEM partnership with Radware, can help secure your digital future by continuously monitoring...