Upgraded from
14.2.5587.2100 to 14.3.1169.0100 - worked through firewall issues and my network team shows nothing else being blocked ....
Support Case 32291218 Opened on October 15th.
Dark servers using dark definitions - still having issue
Tamper Protection Status: Component is malfunctioning
I installed two other servers with this version and am not experiencing any issues. The key here is the "dark" servers do not have access to the internet and I have to use a .jdb file to update virus definitions.
I discovered that I had to install
jdb/core3sds/vd######core3sdsi64.jdb just to get the Manager to display
Latest On Manager version
I have been uploading
jdb/core15sds/vd######core15sdsi64.jdb Dark-Network Client only.
- Why does Tamper Protection still show Component is malfunctioning on all clients since the upgrade. When I actually log on to a client, it shows Tamper Protection is on and has a Green Checkmark saying "Your computer is protected" so the clients seem to be ok but the manager is reporting this incorrectly??*@$
- On the Manager, clients will appear to not be reporting but if I log on the the client, it will show it is connected to the manager.
What am I missing? I completely uninstalled and reinstalled 14.3.1169.0100 same result. It has been a long couple of weeks with no answer still.
------------------------------
TechChick
Southwest Power Pool
------------------------------
Original Message:
Sent: 10-16-2020 03:37 PM
From: Sherry Jones
Subject: Tamper Protection Component is Malfunctioning after upgrade to 14.3.1169.0100
Update -
My network team did find some ports being blocked and those have been resolved.
- I still am experiencing Tamper Protection Status: Component is malfunctioning.
- The SEPM Dashboard, is showing Disabled 27 which is the current number of endpoints upgraded to 14.3.1169.0100. How do I determine what this number is representing? For the endpoints listed, the only disabled policies I see are policies I have intentionally disabled via policy.
Having to download the .jdb file manually makes me think I am not downloaded the correct .jdb
Thanks
------------------------------
TechChick
Southwest Power Pool
Original Message:
Sent: 10-16-2020 01:15 PM
From: John Owens
Subject: Tamper Protection Component is Malfunctioning after upgrade to 14.3.1169.0100
Ports would not mpact Tamper Protection.
My comment was for just the part of your issue regarding Server to Server
Communication Update Package push.
Original Message:
Sent: 10/16/2020 10:58:00 AM
From: TechChick
Subject: RE: Tamper Protection Component is Malfunctioning after upgrade to 14.3.1169.0100
Found a problem with port 445 on the network side ...
Is there a certain port that Tamper Protection uses?
------------------------------
TechChick
Southwest Power Pool
Original Message:
Sent: 10-16-2020 10:52 AM
From: John Owens
Subject: Tamper Protection Component is Malfunctioning after upgrade to 14.3.1169.0100
Hi There,
For the issue of pushing out Communication Update Packages to other Servers you can see why it is failing in the scm-server-0.log.
You need to enable FINEST level logging on the SEPM first though.
Original Message:
Sent: 10/16/2020 10:33:00 AM
From: TechChick
Subject: Tamper Protection Component is Malfunctioning after upgrade to 14.3.1169.0100
I have just upgraded from 14.2.5587.2100 to 14.3.1169.0100 ... Now I am seeing this error on the consoles but the clients themselves are "green" and say "No problems detected"
- All of these clients and the servers are in a highly secure area (no internet access)
- Server is Windows Server 22012 R2 64Bit
- Using a backend SQL database
- Servers are set up for failover and load balancing
- Because my servers and clients have NO Internet access, I use Dark Definitions and always have. I loaded the .jdb file (jdb/core15sds/vd5a9c02core15sdsi64.jdb)
- Also loaded core3sdsi64 and core3sds JDB files and that seemed to fix one of my issues where the console Dashboard showed the incorrect Latest on Manager.
- Still needing solved: (I do have a case opened but wanted to know if anyone else has seen this behavior) Case#32291218
- Cannot send client install or Communication Update Package from ServerA to ServerB or ServerB to ServerA using Client Deployment Wizard but can upgrade other clients (not management servers) - What is the difference server to server vs server to client communication?
- Management Servers show Tamper Protection Malfunctioning on all newly upgraded clients. The client itself shows green with no problems detected.
- I have tried running Cleanwipe on a couple of the clients and reinstalled the new client package - Tamper Protection Still shows Component is Malfunctioning on the consoles.
- Servers have been restarted several times.
Again, the clients look fine when I check them - Tamper Protection is on and seems to be functioning
The servers are reporting "Tamper Protection Status" "Component is Malfunctioning"
I cannot send anything to the failover server via Client Deployment Wizard but can deploy to other non-server clients.
------------------------------
TechChick
Southwest Power Pool
------------------------------