
Malware Protection Not Up to Date and Unable to check the latest update

Bahauddin Member Posts: 1 Contributor

Dear Admin,

I have encountered two update failure scenarios with our WithSecure Agent:

  1. Picture 1: The update check failed on a local PC at home using a direct ISP connection, even though the status indicates "connected."
  2. Picture 2: There is no connection to the security cloud. This means the WithSecure Agent is not receiving updates from the cloud for our local PCs in the company.

Upon checking the detailed logs, I found multiple errors related to server connection issues, including some SSL-related errors.

Please assist in checking and resolving this issue as soon as possible to prevent potential security threats and ensure protection for all our clients.

Answers

  • Sethu Laks
    Sethu Laks Staff, Moderator Posts: 311 W/ Moderator
    edited March 12

    Hi,

    Thank you for reaching out to the WithSecure Community.

    From version 22.1 onwards, the connectivity requirements have changed for the Elements Agent and Elements Connector. This release included a new check which contacts Certificate Revocation List (CRL) servers, related to the validity check of TLS certificates used.  

    We suggest the following:

    • Try manually installing the "DigiCert Global Root CA" and "ISRG Root X1" certificates.
      Connectivity requirements changed: 
      We do require connection to CRL URLs now. Verify that connections to the following CRL URLs work: 

      ocsp.rootca1.amazontrust.com 
      crl.sca1b.amazontrust.com 
      ocsp.rootg2.amazontrust.com 
      ocsp.sca1b.amazontrust.com 
      crl3.digicert.com 
      crl4.digicert.com 
      ocsp.digicert.com 
    • If you see that the client status is not updating in the portal, or profile changes are not applied to the client, open HTTP connections to the CRL URLs. 

    To know more about CRL and OCSP refer to the links below: 

    If the above suggested workaround didn't help, the error codes 12175 and 12002 may indicate that the device lacks the necessary root certificates. We believe this may be the underlying cause of the problem.

    Ensure the device has root CAs from this site (listed under the 'Root CAs' section):

    https://www.amazontrust.com/repository/

    Note: To ensure proper functionality, install the CAs in the 'Trusted Root Certification Authorities' store rather than the 'Intermediate Certification Authorities' store.

    Upon completion of the CA installation, restart the server and monitor the situation.

    If the issue still remains unresolved, you can download and run the Connectivity Tool to check whether or not the host is able to connect to the WithSecure backend systems:

    https://download.withsecure.com/connectivitytool/ConnectionChecker.exe

    If you happen to see a result that shows WithSecure domains being blocked, you can whitelist *withsecure.com and *fsapi.com on your proxy/firewall. You can find more information here:

    Network addresses for WithSecure Elements (cloud-managed products) - WithSecure Community
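
The checks described in the answer above, as an added PowerShell example (not part of the original post and not WithSecure tooling): it tests the listed CRL/OCSP hosts over TCP port 80 and reports whether the two named root certificates sit in the machine's Trusted Root store or only in the Intermediate store. It assumes "HTTP connections" means port 80 and that the host connects directly; behind an explicit proxy the port test can fail even when proxied HTTP works.

```powershell
# Added example. Run in PowerShell on the affected Windows host.
# Host names and certificate names are the ones listed in the answer above.
$crlHosts = @(
    'ocsp.rootca1.amazontrust.com', 'crl.sca1b.amazontrust.com',
    'ocsp.rootg2.amazontrust.com',  'ocsp.sca1b.amazontrust.com',
    'crl3.digicert.com', 'crl4.digicert.com', 'ocsp.digicert.com'
)
$rootNames = @('DigiCert Global Root CA', 'ISRG Root X1')

# 1. Revocation data is fetched over plain HTTP (assumed port 80):
#    check DNS resolution first, then a direct TCP connection.
$net = foreach ($h in $crlHosts) {
    $dns = Resolve-DnsName -Name $h -ErrorAction SilentlyContinue
    $tcp = $false
    if ($dns) {
        $tcp = Test-NetConnection -ComputerName $h -Port 80 `
                   -InformationLevel Quiet -WarningAction SilentlyContinue
    }
    [pscustomobject]@{ Host = $h; Resolves = [bool]$dns; Port80Open = [bool]$tcp }
}
$net | Format-Table -AutoSize

# 2. Each root must be in Trusted Root Certification Authorities (LocalMachine\Root).
#    A copy that exists only in Intermediate (LocalMachine\CA) does not count.
$certs = foreach ($name in $rootNames) {
    $inRoot = Get-ChildItem Cert:\LocalMachine\Root |
                  Where-Object { $_.Subject -like "*CN=$name*" }
    $inCA   = Get-ChildItem Cert:\LocalMachine\CA |
                  Where-Object { $_.Subject -like "*CN=$name*" }
    $state = if ($inRoot) { 'OK' } elseif ($inCA) { 'Intermediate store only' } else { 'Missing' }
    [pscustomobject]@{
        Certificate = $name
        State       = $state
        Expires     = ($inRoot | Select-Object -First 1).NotAfter
    }
}
$certs | Format-Table -AutoSize

# 3. Summarise so the result is easy to paste into a support ticket.
$failed = @($net   | Where-Object { -not $_.Port80Open }).Count +
          @($certs | Where-Object { $_.State -ne 'OK' }).Count
if ($failed) { Write-Warning "$failed check(s) failed; see the tables above." }
else         { Write-Output  'All CRL/OCSP hosts reachable and both roots trusted.' }
```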
