Support Center > Search Results > SecureKnowledge Details
Endpoint Anti-Malware signatures cannot be downloaded from a local Endpoint Security Server Technical Level
Symptoms
  • Endpoint Anti-Malware signatures cannot be downloaded from a local Endpoint Security Server.
  • In SmartEndpoint Overview tab, an alert is shown saying "Anti-Malware signatures have not been updated in 72 hours" (alert by email is also sent if configured).
  • Endpoint Security Clients can still download signature updates from an external signature server (if allowed by Anti-Malware policy).
  • In $UEPMDIR/logs/server_messages.log:
    ERROR Dispatcher-Thread-9 - The update utility failed to update KAV SDK 8 Dat files version:8.6.0.34 from ZL_latest to production. Return code = 54. More detailed logging is available in AM updater engine debug file. Brief Reason: Loading engine...Initializing engine... Using xml-file: /opt/CPuepm-R80.20/engine/conf/updates/bin/8.6.0.34/confZLToProduction.xml. Error during download process. Operation result code: 0x00000036. License expired. (AntiVirus8UpdateSource)
Cause

.key file on Endpoint Security Server is not updated.


Solution

Endpoint Security Clients can still acquire their Anti-Malware signature updates directly from an external Check Point signature server (cloud service), or other external Anti-Malware signature resources, if your organization's Endpoint Anti-Malware policy allows it.

You may configure External Check Point Signatures server as second priority in Anti-Malware policy under the "Check for signature updates" action.

Example:


Contact Check Point Support to keep getting signature updates from the local Endpoint Security Server.

Implementing the fix:

  1. Open SSH to the Endpoint Security Server and switch to Expert mode. 

  2. Navigate to the $UEPMDIR/engine/conf/updates/bin/8.6.0.34 folder.

  3. You should see a file with the .key extension (i.e 35700833.key).
    Change this file to XXXXXXX.key_old (i.e 35700833.key_old). 

  4. Copy the file provided by Check Point Support to the same folder and run the command:
    chmod 775 57263987.key

  5. Navigate to the $UEPMDIR/engine/conf/updates/bin/kav8 folder (if it exists).

  6. Repeat steps 3-4.

  7. Repeat the operation on any Secondary server, as well as Policy servers.

  8. Open SmartEndpoint Console and navigate to 'Tools > Anti-Malware Updates'.
    Click 'Check for updates now'.

  9. Wait until the server downloads the latest Anti-Malware signatures. It takes an additional few minutes after you get the "Update finish" message, until the Endpoint Security clients receive the updates.
This solution has been verified for the specific scenario, described by the combination of Product, Version and Symptoms. It may not work in other scenarios.

Give us Feedback
Please rate this document
[1=Worst,5=Best]
Comment