CSC-SSM Update issue

Unanswered Question
Aug 6th, 2010


  Can you please help me how to fix the below file update issues in ASA CSC module.

Virus pattern 7.361.00 was successfully downloaded and installed.
Anti-spam pattern 17550 was successfully downloaded and installed.
Unable to copy file . You must manually copy file /opt/trend/isvw/temp/AU/piranhacache/* to path /opt/trend/isvw/lib/mail/cache.

Please send me the steps how to fix this ?.



I have this problem too.
0 votes
  • 1
  • 2
  • 3
  • 4
  • 5
Overall Rating: 0 (0 ratings)
mirober2 Fri, 08/06/2010 - 05:38

Hi Pushpendra,

What software version is the CSC module currently running? If it is not up to 6.3.1172.3, please upgrade this first and then re-try the pattern file updates. You may be running into one of the bugs in the pattern file updates that should be fixed in the latest versions.

Hope that helps.


Kureli Sankar Fri, 08/06/2010 - 16:35


Some signatures may fail to update even though a newer version of signatures
is available in TrendMicro repository.


Sporadic, during normal operation.


From root account on CSC remove the temporary files created for auto update.
Restart the services.

Pls. upgrade to the latest CSC code 6.3.1172.3.pkg where this defect is resolved.

Kureli Sankar Sat, 08/07/2010 - 16:25

What code is your CSC module running? Issue "hw module 1 detail" to find out.

Here is the procedure to upgrade to the latest pkg file and it is very simple and easy to follow.

Step 1  Download the csc-p-6.3.1172.3.pkg from here:

Step 2  Access the Trend Micro CSC SSM console by doing the following:

a.  Launch ASDM.

b.  Choose Configuration > Trend Micro Content Security.

Step 3  Choose Administrator > Product Upgrade from the menu.

Step 4  Click Browse and select the .pkg file you downloaded.

Step 5  Click Install.

Step 6  Click Summary to confirm the installed software version.

Step 7  Optional) Use an Eicar test file to confirm that the upgrade was
successful and that the scanning services have been configured correctly.


aikengroup Tue, 08/10/2010 - 07:56

Can you email me the upgrade or give me a link to to it elsewhere, I'm having exactly the same problem and everytime I try and download the latest version I get the following

To download this software, you must Log In with your user id and have a valid Technical Support Services Agreement associated to your user ID

  • If you have forgotten your ID or password you can retrieve or reset your password at Password Management
  • If you do not have an ID you can create one at Registration
  • If you do not have a Technical Support Services Agreement, you can get one through:
    • Your Cisco Account Team if you have a direct purchase agreement with Cisco
    • Your Cisco Partner or Reseller
  • Once you have the Technical Support Services Agreement you must associate your Technical Support Services Agreement to your user ID with Profile Manager

I'm logged in with my usual ID of aikengroup

Gareth James

IT Manager

AIken Group

[email protected]

mirober2 Tue, 08/10/2010 - 08:02

Hi Gareth,

If you're logged in with your ID, then the download is probably being prevented based on the second part of the message you're seeing:

and have a valid Technical Support Services Agreement associated to your user ID

If you have a valid support contract that covers your CSC module, make sure you add it to your profile. Otherwise, you'll have to get in touch with your account team to purchase a contract that covers your CSC module.

Hope that helps.


aikengroup Tue, 08/10/2010 - 08:07

Thanks Mike,

it was letting me in 2 days ago I downloaded the last asa832-k8 for ASA itself. I'll try our supplier and see if they can get anywhere, but they tend to take a long time.


Allen P Chen Tue, 08/10/2010 - 10:35

Hi Gareth,

I sometimes have issues accessing Cisco's online documentation/software as well.  Generally a reboot of the PC resolves the problem.  Not sure if your computer was rebooted.  I have also had success using another browser.  Sounds weird that you were able to download software two days ago and not now.

Hope that helps.

pushpendra tiwari Wed, 08/11/2010 - 05:30

Hi KS,

Thanks for your reply, But CSC-SSM update issue call postponed due to downtime issue.when customer provide me downtime and again face any issue we will revert to you. But we have anathor issue in DMZ??

Customer has two Site :-

(1) In Registerd office Customer has one internet link which is connected to Cisco 1841 Router but and router connected to Cisco ASA 5510 and then L3 switch further Lan Network also he has one PPP link, 1 RF link  between Registerd office to Factory.

(2) In Factory Customer has one Internet link which is connected to Cisco 1841 Router and router connected to Cisco ASA 5510 and then L3 switch further   Lan Network.

  Customer want to connect these link (PPP,RF and MPLS) in anathor Cisco 2811 router at Registerd office and he want connect Cisco router to Cisco ASA firewall as a DMZ means when internet goes down then factory link will be switchover via DMZ zone connectivity.

Please suggest me what we need to do. I Waiting your valuable response.



[email protected]

pushpendra tiwari Mon, 10/18/2010 - 04:57


I have another question in CSC, Could you please tell me how to bypass CSC-SSM module.Becuase some MGMT user want to full internet access but still all of user going through CSC-SSM module.So pleasse advice me procedure for the activity.



Kureli Sankar Mon, 10/18/2010 - 06:43

In the ACL that you match in the class-map for traffic to be inspected by the CSC module add a "LINE 1 " deny for this traffic.

access-l csc-acl line 1 deny ip any host x.x.x.x any

where x.x.x.x is the management host's ip address that you do not want to scan.


pushpendra tiwari Tue, 10/19/2010 - 03:40

Hi ,

I have configure below command but still remain same problem.

access-list inside_access_in line 1 deny ip any host

Could i need to configure anything else.



Kureli Sankar Tue, 10/19/2010 - 05:55


You did not follow the syntax that I suggested.

access-list inside_access_in line 1 deny ip any host

the above line should actually be

access-list inside_access_in line 1 deny ip host any ----------> put the any in the end.

Make sure the service policy is applied globally.



This Discussion