Cisco AMP connector update

EHChris01 · ‎09-24-2019

After updating to a newer version of AMP, we have experienced an issue where several users (not all) continue to be prompted for a reboot, even after the update has been installed and the user has rebooted several times. Any suggestions?

Troja007 · ‎09-25-2019

Hello @EHChris01,

your question is a little bit too generic to give you a direct answer. I have tested many situations, but have not seen your issue. Which does not mean, that issues can happen. :-)

1) What was the original version of the AMP connector?

2) What is the version you have updated to?

Finally, this is not a common or frequently reported issue. So someone has to take a look what is going on with your endpoints. I think the fastest way to solve your problem is to open a TAC case.

Greetings,

Thorsten

Jim2k · ‎10-03-2019

I have had a similar issue before and i was going from 5.1.11 to 6.1.7 using sccm. We had to do 2 task 1 was first uninstall 51.11 and then do a reboot. then do a 6.1.7 install. what i have seen in the console is the update and then it would say machine needs a reboot. and then you see the restart event in the amp console. but the user would still get a popup saying it needs to restart. What i had the user do was do a shutdown instead of a restart. It seems on bootup form a shutdown it registers with the amp cloud and everything just starts working. so it seems the agent looks at a restart differently from a shutdown

Matthew Franks · ‎10-03-2019

The reason a full shutdown works is likely due to the Fast Startup feature in Windows. Even some Windows updates fail to work properly without an actual full shutdown.
https://support.microsoft.com/en-us/help/4011287/windows-updates-not-install-with-fast-startup

Thanks,

Matt

jmarcel2 · ‎02-04-2021

I have exactly the same problem when upgrading from 6.3.7 to 7.3.9, AMP connector were upgraded and ask for reboot, but even after several reboots the AMP is always asking for reboot. On top of it AMP connector stopped communicating with Cloud. These happened on lot of connectors. Is there any advice, what to do?

Thanks

Marcel

Jim2k · ‎02-04-2021

My first question is how are you doing your upgrade? When going from a 6.x to a 7.x you need to do an uninstall, then reboot. then install

that was the tasks sequence we setup in SCCM. if you were going from say a 7.3.3 to 7.3.9 then you can update from the console. This works as I tested it and will be doing my next update this way. What i do now is i uncheck "start start client user interface" in the policy. this is so that amp does not load in the system tray. that way users do see these types of annoying messages.

on a machine that is having the issue and you know it was rebooted run this command

systeminfo | find “System Up Time:” see if it is registering the right time

do this to look at a remote machine

systeminfo /s gmastrokostas08 | find “System Up Time:”

as far as not communicating with cloud. that could be maybe a network issue or amp driver issue

try this to see if the drivers are loading

driverquery | findstr Immun
ImmunetNetwo ImmunetNetworkMonitorD Kernel 9/30/2020 2:26:16 PM
ImmunetProte ImmunetProtectDriver File System 10/9/2020 2:30:18 PM
ImmunetSelfP ImmunetSelfProtectDriv File System 10/9/2020 2:29:42 PM

on some machines I had users just do a complete shutdown. wait then startup. That would work.. other users worked after just a reboot. it depends what is running on the machine

jmarcel2 · ‎02-05-2021

Hi we are doing the update through Cisco AMP console, with settings "ask for reboot" Not over SCCM. User get popup message, that reboot is needed otherwise client is unprotected. But after several reboots, it always asks for reboot..

And we upgrade AMP 6.3.7 to 7.3.9.

I have asked On Site team to shutdown the machine and turn back on. + I will check for the time and driver info.

Thanks for hints, will let you know how it goes.