04-18-2020 04:17 AM - edited 04-18-2020 04:22 AM
Hello Team,
We are seeing Cisco AMP Tetra update definitions not updating to Endpoint protection. We have allowed tetra-defs.amp.cisco.com in the firewall but still, we are seeing definitions failed in the Endpoints. Please guide me on how to resolve the issue.
04-18-2020 04:47 AM
There could be several things at play here so it is impossible to troubleshoot without logs. I suggest putting the machine into debug mode and waiting for the next update to see what the C:\Program Files\Cisco\AMP\<version>\sfc.exe.log file shows for the TETRA update. If you're on 7.2.7, you don't have to wait; you can force a TETRA definition update via the command line:
"C:\Program Files\Cisco\AMP\7.2.7\sfc.exe" -forceupdate
Typically it is a connectivity issue or a proxy manipulating the traffic.
Thanks,
Matt
04-18-2020 05:05 AM
04-18-2020 06:53 AM
The force update command only works on the latest release of 7.2.7. I can see from your screenshot that you're on 7.2.3 (which was actually pulled from production so I recommend upgrading to 7.2.7 anyway). Despite that, the screenshot gives a good indication of why the Definition Updates failed, "Update failed because of a network timeout. Check your network, firewall or proxy settings to verify connectivity between endpoints and the update server." It appears that something is either blocking the connection or altering it along the way. I recommend opening a TAC case if you would like further assistance in determining the issue so they can look more closely at the system's logs.
Thanks,
Matt
04-18-2020 06:58 AM
Hello Matthew,
Thank you for your support.