Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
453
Views
0
Helpful
3
Replies

Cisco AMP Connector Upgrade

mmkh616
Level 1
Level 1

‎11-20-2024 11:14 AM

I have a group of devices running Windows 10 and Windows 11 that are not auto-upgrading from Version 6.0.9.10685 to the latest version, 8.4.2.30317. This issue seems isolated to a specific group of devices, even though they are under the same policy as other devices that successfully upgraded.

One thing I noticed is that the devices that failed to upgrade were on base builds of Windows 10 and 11. I updated one device of each OS to the latest build and then tried pushing out the latest connector again, but it still didn’t work. I also tried running a script to install the latest version manually, but this resulted in both versions (6 and being installed. Despite this, the Cisco portal still only shows Version 6.

With Version 6 reaching end of support at the end of the month, I’m trying to find a way to update these devices remotely without having to visit 100 machines manually.

Can anyone advise or assist with why these devices aren’t upgrading or what might be causing the issue? Thanks

0 Helpful
3 Replies 3

Roman Valenta
Cisco Employee
Cisco Employee

‎11-20-2024 01:43 PM - edited ‎11-20-2024 01:56 PM

You might have to try first update those endpoints to legacy version 7.x and then try to update to 8.x.

Unfortunately there is no guarantee with such as obsolete connector version that this will work. Ultimately with connector that old I would recommended to completely un-install the connector and then download fresh installation and install the new connector through your automation such as SCCM or using command line switch.

https://www.cisco.com/c/en/us/support/docs/security/amp-endpoints/213690-amp-for-endpoint-command-line-switches.html

 

Also statement that version 6 is  just reaching end of support at the end of this month is not accurate either. Version 6.0.9 was introduced in March 2018 and the connector become EOS by November 2018 with introduction of version 6.2.1. What you refereeing to as EOL is different.

On October 31st anything older than 6.3.7 will stop working and communicate with the cloud indefinitely.

https://www.cisco.com/c/en/us/support/docs/security/secure-endpoint/221813-end-of-service-for-windows-connector-ver.html

However it still doesn't mean that everything after 6.3.7 is supported either.

Currently only supported releases are:

https://console.amp.cisco.com/help/en/Content/Secure_Endpoint_User_Guide/Windows_System_Requireme.html#windows_connector_4294664399_1620759

Legacy:

7.5.17 and 7.5.19

New Connector

8.2.3, 8.2.4, 8.4.0 and 8.4.2

0 Helpful

mmkh616
Level 1
Level 1
In response to Roman Valenta

‎11-21-2024 06:13 AM

Thanks for your response.

Our devices that haven't auto-upgraded are still running Version 6.0.9, which is no longer supported. I’ve been using third-party tools like KACE to deploy a script that uninstalls and reinstalls the latest version (8.4.2.30317), but the installation fails. I’m confident the script isn’t the issue since it works perfectly on newer devices.

After some troubleshooting, I found that the Windows 10/11 devices failing to auto-upgrade (or upgrade via script) are running base versions of Windows 10/11. I upgraded these devices to the latest Windows builds and attempted the upgrade again, but it still failed.

I’m trying to avoid manually updating 100 devices and wondering if there’s a way to streamline this process using a script. I was considering whether upgrading these devices from Version 6.0.9 to Version 7.x first, and then to Version 8.x, might work. However, I’m not sure if this approach is viable.

Is there any way to download a legacy Version 7 connector, even though we’ve transitioned all product updates to Version 8.4.2.30317?

Thanks again for your help

0 Helpful

Roman Valenta
Cisco Employee
Cisco Employee

‎11-21-2024 07:00 AM - edited ‎11-21-2024 07:01 AM

One thing to consider as well and make sure this was completed:

 

Note: As of connector version 7.5.7, installation requires OS patches with Trusted Signing as required by Microsoft.

Note: As of connector version 8.1.3, installation requires OS patches with Trusted Signing as required by Microsoft.

 

When it comes to Legacy version  7.X.X you can still download these from your portal. You can either create new Group/Policy and move all the endpoint that did not updated there and set the policy to your desired version after that you will be also able to download that version under management -- > download connector

or

you can change current policy to the legacy version and do the same thing with downloading the installer.

 

Note: Remember you can't downgrade via portal so changing policy to 7.x.x on policy that was already updated to 8.x.x will have no effect on endpoint that are currently running 8.x.x. Only endpoint bellow target release will try to update.

If you still running in to issue you might have to open TAC case but  I would try first at least on one endpoint to perform manual installation and not using your script to verify there is no other issue that you can't see when using script, RDP session in to one of the endpoint would do just fine just to see if any errors will pop up on the screen. Please remember TAC do not support custom scripts and can't help you with modifying those either.

0 Helpful
Customers Also Viewed These Support Documents