I have been noticing a trend on some of my Linux machines not updating MEDDAT. I have a task that runs and I have tried using Update Now and both fail. An uninstall and reinstall of TP will temporarily fix this issue but I am hoping someone has found a better option because it eventually comes back. I verified the kernel in use is supported and I'm currently running Platform 10.7.10.110 and TP 10.7.10.62. I do have other environments with the same setup without these issues. Any assistance is appreciated.
Hi @JPugh ,
You may try upgrading McAfee Agent to version 5.7.3 or higher.
Incase the issue reoccurs, please open a Service Request with tech support.
Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!
Pravas, thank you for your response. I forgot to mention I am running 5.7.7 agent
Kindly check if the DAT update task has MED DAT selected in the product update task. If yes I would require below mentioned logs for further investigation.
Enable Debug for Agent and ENSL
To enable debug : Check for McAfee agent policy assigned to system
Duplicate the general policy -->click on the tab logging --> check-in the option Enable detail logging and save the policy and assign the saved policy to the server
To enable debug for TP : Check for the endpoint security common assigned to the system, duplicate the same.
Under debug logging --> check-in the option Enable for Threat prevention
save the policy and assign it to the system
Once the debug is enabled, kindly reproduce the issue by creating the update task of DAT and send it to the system.
Once the task is invoked, follow the below mentioned article and collect the logs and share it with us for further investigation.
Along with this, share the task name for investigation.
MA MER: https://kc.mcafee.com/corporate/index?page=content&id=KB83005
ENSLTP MER: https://kc.mcafee.com/corporate/index?page=content&id=KB88197
If you don't wish to share logs in community channel. Then please feel free to open a service request for Trellix (McAfee) support. We will look in to it.
Thank you Revathi. Due to the nature of the system I will have to open a support ticket. I will gladly report the solution here once a solution is achieved.
just wondering did you solved this issue? because i have this issue too,
Still having intermittent issues with this. I have manually provisioned the agents and removed and reinstalled threat protection which seems to fix it for a time. I was given this KB to implement but I have not had time to try it yet. I'm hoping Trellix starts signing their packages so we don't have to. Trellix states its a secure boot issue because their packages aren't signed.
Hope that helps.
I am assuming that your reported issue is related to the issue reported in KB91276. Please validate the this from mfetpd.log.
TO launch an immediate update locally in machine use the below command (this is separate McAfee agent and directly run an update.
# /opt/McAfee/ens/tp/bin/mfetpcli --runtask --index 3 (3 - is for update task)
Check the entries in MFETPD Log if its same as mentioned in below KB.
New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.
Thousands of customers use our Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:
TrellixSkyhigh Security | Support Trellix.com SkyhighSecurity.com