Cisco AMP - Connector never leaves "Pending Reboot" State
We have pushed updates to the AMP connectors in our server policy around our scheduled maintenance window. During the window, the servers were updated and restarted as required by both the updates and the connector. Upon reboot, the warning triggered saying that it requires a reboot even though the reboot had completed successfully. The former connector version was approximately 6.3.x and is now on the latest (7.1.7.X). We have a limited window of time to push updates, so it's going to be hard to reboot again.
I was able to download the list of devices showing reboot required, write a script to enable the service and then ran a quick scan on the devices. I can see when they check in and pull new definitions, so I think the connector itself is okay, but the warning makes me worry that it isn't actually active. Anyone having this same issue? The OSs the devices are running against are a mixture of Server 2016, 2012 and 2008R2 (which I am aware is EOL... don't ask me. It's the customer). Same behavior persists on Windows Connectors for workstation endpoints (Windows 10 and 7).
I have seen the following articles that somewhat address this issue but they appear to be dated by some time:
This is to say I have not tried the full shutdown method as I am not the sysadmin and have no access to their virtual environment to manually bring up these servers. I'd hate to come to the customer to do a hard-kill on some of these devices, so I am hoping this has been addressed in 2020.