
Secure Endpoint Windows connector 7.5.1.20813 update warning!

gernot.schmied
Level 1

Hi,

 

I want to sum up my experience with deploying Secure Endpoint Windows connector 7.5.1.20813 updates yesterday:
Two notebooks with current CPUs displayed "Computer CPU incompatible with Behavioral Protection engine SSSE3 requirement." and stopped updating signature sets entirely in the process. Besides, these notebooks even support SSSE4.

All other desktop workstations with current Windows patch level and very different setups failed to deploy and screwed the drivers even after a reboot to an extent where they required uninstallation and fallback reinstall to the previous version. In sum, it screwed up all my 8 different endpoints. Error message: "A driver error caused the upgrade to fail. This computer is currently unprotected. You must reboot the computer to resume protection."
If you would not watch that closely and do an automated deployment, that would pretty much leave you with totally unprotected endpoints in your entire infrastructure!!!!

Great screwup Cisco, thanks for that and the time wasted!
My fellow users, stay away from that release as far as you can as long as Cisco gets their sh... together.

PS: running Windows 10 Enterprise 21H2 build 19044.1387

 

not amused at all.

Gernot

 

12 Replies

Marvin Rhoads
Hall of Fame

Have you opened a TAC case?

It's working fine for me on the same build of Windows 10.

Cisco Secure Endpoint 7.5.1.20813

Hi Marvin,

 

No, I haven't, since I don't have a TAC contract. Problems at my end as described. Maybe it works as a clean install but certainly not as an update. Could you maybe elaborate on the "Computer CPU incompatible with Behavioral Protection engine SSSE3 requirement." although the CPU obviously meets all requirements including SS4? By the way, the previous version works like a charm on all devices, had to fall back.

 

Thanks, Gernot

Mine was an upgrade - this same computer has been running versions of Cisco Secure Endpoint / AMP for Endpoints for about 5 years and upgraded regularly to the latest release.

If you have a licensed Cisco Secure Endpoint deployment it should automatically include Cisco support. Your reseller should be able to provide the service contract number for opening a TAC case if you don't have it.

I don't have any insight into that error message that you are getting except to speculate that it is specific to the policy applied in your group. My (working) policies have Behavioral Protection disabled:

Secure Endpoint Policy.PNG

Troja007
Cisco Employee

Hello @gernot.schmied,
I'm sorry that Secure Endpoint is not working as expected inside your environment. Looks like something got broken with Secure Endpoint 7.5.1. Engineering is working on a fix.

  • Behavioral Protection Engine is working properly, even if you see the error messages. This was already confirmed by Engineering and you can see the statement in the Endpoint Console.
  • Regarding the driver message: This is an uncommon message or I have not heard so far about it. If you have opened a TAC case for this, can you please PM me to share the case number? Want to take a close look into it.

Thanks and Greetings,
Thorsten

Thank you all for your assistance, greatly appreciated! This is a great community.

I will wait two weeks and check the release notes and give it another try or contact TAC to investigate this further, too busy right now. I've not had any issues such as "A driver error caused the upgrade to fail. This computer is currently unprotected. You must reboot the computer to resume protection." with the most recent last two updates.

Maybe you can have a look at what might trigger such an error or what driver is referred to. Not just the upgrade failed but it leaves the running install crippled. When I rebooted, suddenly MS Defender was the primary AV engine and not AMP anymore?!

Regards, Gernot

Troja007
Cisco Employee

Hello @gernot.schmied,
just for your info... the root cause of the issue was very simple. The Secure Endpoint updater expected a folder for Microsoft AMSI which is not available. This resulted in the error and a misleading error description. This has been fixed with version 7.5.1.20833.
Important note: At any time, Secure Endpoint provided the full protection.
Once again, sorry for this.
Greetings,
Thorsten

So, any other issues reported for version 7.5.1.20833?

Can we start mass rollout/update, or is there an update planned soon?

Hello,

I managed to roll out two workstations without a problem. Running into a problem on my Lenovo notebook though. Cisco Secure Endpoint/AMP is not recognized as security provider and hence cannot be selected as primary, regardless of what I tried. It really sucks to debug this but I presume another bug on Cisco's side since this worked fine in the previous version.

 

Regards, Gernot

Hi,

 

Which version of AMP is it, and on which OS?

I have tested V7.5.1 on Win 10 and it's working fine on 300 endpoints.

I am having the same issue with Windows Security not recognizing Cisco Secure Endpoint as active or primary.

When I open the UI it shows Cisco Secure Endpoint on and running fine.

Also running 7.5.1.20833 on Windows 10 21H2, 21H1 and 20H2.

I did not find this issue with 7.5.1.20833 (not 20813) running on more than 4000 endpoints/servers.

Can you restart the system and see if it's resolved? Please keep in mind to use the restart option, not power off/on.

I recently ran into this issue when we attempted to roll out an upgraded policy with 7.5.3.20938. Endpoints currently have 7.5.1.20833. I have a TAC case open about all of the failed upgrades, roughly 60%. I believe this is caused/triggered when the service is stopped and Windows sees that nothing is "protecting" the endpoint, but because the upgrade failed the service starts back up. I can correspond the event times in the console and Windows to confirm the relationship between the two. Bashing my head over this for about 2 weeks now and just stumbled across the correlation. Haha. If I get a solid answer from TAC, I'll try to share it here.

 

Just thought you should know, you aren't alone.