cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
JPugh
Level 7
Report Inappropriate Content
Message 1 of 8
‎08-16-2022 01:50 PM

ENSL MEDDAT and Engine update failing on Linux 7.9

I have been noticing a trend on some of my Linux machines not updating MEDDAT. I have a task that runs and I have tried using Update Now and both fail. An uninstall and reinstall of TP will temporarily fix this issue but I am hoping someone has found a better option because it eventually comes back. I verified the kernel in use is supported and I'm currently running Platform 10.7.10.110 and TP 10.7.10.62. I do have other environments with the same setup without these issues. Any assistance is appreciated.

0 Kudos
Reply
7 Replies
Pravas
Employee
Employee
Report Inappropriate Content
Message 2 of 8
‎08-16-2022 07:13 PM

Re: ENSL MEDDAT and Engine update failing on Linux 7.9

Hi @JPugh ,

You may try upgrading McAfee Agent to version 5.7.3 or higher.

https://kcm.trellix.com/corporate/index?page=content&id=KB94375&actp=null&viewlocale=en_US&showDraft...

Incase the issue reoccurs, please open a Service Request with tech support.

Thanks.

Was my reply helpful?
If you find this post useful, Please give it a Kudos! Also, Please don't forget to select "Accept as a solution" if this reply resolves your query!

0 Kudos
Reply
JPugh
Level 7
Report Inappropriate Content
Message 3 of 8
‎08-17-2022 06:28 AM

Re: ENSL MEDDAT and Engine update failing on Linux 7.9

Pravas, thank you for your response. I forgot to mention I am running 5.7.7 agent 

0 Kudos
Reply
Revathi1
Employee
Employee
Report Inappropriate Content
Message 4 of 8
‎08-16-2022 07:16 PM

Re: ENSL MEDDAT and Engine update failing on Linux 7.9

Hi @JPugh 

Good day.

 

Kindly check if the DAT update task has MED DAT selected in the product update task. If yes I would require below mentioned logs for further investigation.

 

Enable Debug for Agent and ENSL

To enable debug : Check for McAfee agent policy assigned to system

Duplicate the general policy -->click on the tab logging --> check-in the option Enable detail logging and save the policy and assign the saved policy to the server

To enable debug for TP : Check for the endpoint security common assigned to the system, duplicate the same.

Under debug logging --> check-in the option Enable for Threat prevention

save the policy and assign it to the system

Once the debug is enabled, kindly reproduce the issue by creating the update task of DAT and send it to the system.

Once the task is invoked, follow the below mentioned article and collect the logs and share it with us for further investigation.

 

Along with this, share the task name  for investigation.

MA MER: https://kc.mcafee.com/corporate/index?page=content&id=KB83005

ENSLTP MER:  https://kc.mcafee.com/corporate/index?page=content&id=KB88197

Note:

If you don't wish to share logs in community channel. Then please feel free to open a service request for Trellix (McAfee) support. We will look in to it.

Regards,

Revathi R



0 Kudos
Reply
JPugh
Level 7
Report Inappropriate Content
Message 5 of 8
‎08-19-2022 10:14 AM

Re: ENSL MEDDAT and Engine update failing on Linux 7.9

Thank you Revathi. Due to the nature of the system I will have to open a support ticket. I will gladly report the solution here once a solution is achieved.

0 Kudos
Reply
Dwee
Level 11
Report Inappropriate Content
Message 6 of 8
‎12-26-2022 09:55 PM

Re: ENSL MEDDAT and Engine update failing on Linux 7.9

Hi Jpugh,

just wondering did you solved this issue? because i have this issue too,

0 Kudos
Reply
JPugh
Level 7
Report Inappropriate Content
Message 7 of 8
‎12-28-2022 03:12 PM

Re: ENSL MEDDAT and Engine update failing on Linux 7.9

DWEE,

Still having intermittent issues with this. I have manually provisioned the agents and removed and reinstalled threat protection which seems to fix it for a time. I was given this KB to implement but I have not had time to try it yet. I'm hoping Trellix starts signing their packages so we don't have to. Trellix states its a secure boot issue because their packages aren't signed.

https://kcm.trellix.com/corporate/index?page=content&id=KB90085

Hope that helps.

 

 

0 Kudos
Reply
BSharma
Employee
Employee
Report Inappropriate Content
Message 8 of 8
‎08-17-2022 07:32 AM

Re: ENSL MEDDAT and Engine update failing on Linux 7.9

@JPugh 

 

I am assuming that your reported issue is related to the issue reported in KB91276. Please validate the this from mfetpd.log. 

/var/McAfee/ens/log/tp/mfetpd.log

 

TO launch an immediate update locally in machine use the below command (this is separate McAfee agent and directly run an update. 

# /opt/McAfee/ens/tp/bin/mfetpcli --runtask --index 3 (3 - is for update task) 

 

Check the entries in MFETPD Log if its same as mentioned in below KB.

https://kcm.trellix.com/corporate/index?page=content&id=KB91276&elqTrackId=F943378BF019221232FC7C0A3...

 

 

0 Kudos
Reply
You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use our Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from product experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by employees.
Join the Community
Join the Community

TrellixSkyhigh Security | Support Trellix.com SkyhighSecurity.com

Legal Privacy Copyright © 2022 Musarubra US LLC