cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1940
Views
0
Helpful
14
Replies

CSC-SSM Update issue

HI

  Can you please help me how to fix the below file update issues in ASA CSC module.

Virus pattern 7.361.00 was successfully downloaded and installed.
Anti-spam pattern 17550 was successfully downloaded and installed.
Unable to copy file . You must manually copy file /opt/trend/isvw/temp/AU/piranhacache/* to path /opt/trend/isvw/lib/mail/cache.



Please send me the steps how to fix this ?.



Thanks

Pushpendra

14 Replies 14

mirober2
Cisco Employee
Cisco Employee

Hi Pushpendra,

What software version is the CSC module currently running? If it is not up to 6.3.1172.3, please upgrade this first and then re-try the pattern file updates. You may be running into one of the bugs in the pattern file updates that should be fixed in the latest versions.

Hope that helps.

-Mike

http://tools.cisco.com/Support/BugToolKit/search/getBugDetails.do?method=fetchBugDetails&bugId=CSCtc37947

 Symptom:

Some signatures may fail to update even though a newer version of signatures
is available in TrendMicro repository.

Conditions:

Sporadic, during normal operation.

Workaround:

From root account on CSC remove the temporary files created for auto update.
Restart the services.

Pls. upgrade to the latest CSC code 6.3.1172.3.pkg where this defect is resolved.

-KS

Hi Mike,

Could you please tell me accurate steps of latest version .PKG upgradation in the CSC-Module, because firewall is on live scenerio and all branches connected in this firewall. So please send me configuration steps..

Thanks,

Pushpendra

pushp1984@gmail.com

What code is your CSC module running? Issue "hw module 1 detail" to find out.

Here is the procedure to upgrade to the latest pkg file and it is very simple and easy to follow.

Step 1  Download the csc-p-6.3.1172.3.pkg from here: http://tools.cisco.com/squish/518547

Step 2  Access the Trend Micro CSC SSM console by doing the following:

a.  Launch ASDM.

b.  Choose Configuration > Trend Micro Content Security.

Step 3  Choose Administrator > Product Upgrade from the menu.

Step 4  Click Browse and select the .pkg file you downloaded.

Step 5  Click Install.

Step 6  Click Summary to confirm the installed software version.

Step 7  Optional) Use an Eicar test file to confirm that the upgrade was
successful and that the scanning services have been configured correctly.

-KS

Can you email me the upgrade or give me a link to to it elsewhere, I'm having exactly the same problem and everytime I try and download the latest version I get the following

To download this software, you must Log In with your Cisco.com user id and have a valid Technical Support Services Agreement associated to your Cisco.com user ID

  • If you have forgotten your ID or password you can retrieve or reset your password at Cisco.com Password Management
  • If you do not have an ID you can create one at Cisco.com Registration
  • If you do not have a Technical Support Services Agreement, you can get one through:
    • Your Cisco Account Team if you have a direct purchase agreement with Cisco
    • Your Cisco Partner or Reseller
  • Once you have the Technical Support Services Agreement you must associate your Technical Support Services Agreement to your Cisco.com user ID with Profile Manager

I'm logged in with my usual ID of aikengroup

Gareth James

IT Manager

AIken Group

gjames@aikengroup.com

Hi Gareth,

If you're logged in with your cisco.com ID, then the download is probably being prevented based on the second part of the message you're seeing:

and have a valid Technical Support Services Agreement associated to your Cisco.com user ID

If you have a valid support contract that covers your CSC module, make sure you add it to your cisco.com profile. Otherwise, you'll have to get in touch with your account team to purchase a contract that covers your CSC module.

Hope that helps.

-Mike

Thanks Mike,

it was letting me in 2 days ago I downloaded the last asa832-k8 for ASA itself. I'll try our supplier and see if they can get anywhere, but they tend to take a long time.

Gareth

Hi Gareth,

I sometimes have issues accessing Cisco's online documentation/software as well.  Generally a reboot of the PC resolves the problem.  Not sure if your computer was rebooted.  I have also had success using another browser.  Sounds weird that you were able to download software two days ago and not now.

Hope that helps.

I am not sure if your CCO ID needs to have diff. permission to download ASA code VS CSC code.

Try to download ASA code today and see if you can.

ASA code:  http://tools.cisco.com/squish/10C815

ASDM image : http://tools.cisco.com/squish/a5338C

CSC code: http://tools.cisco.com/squish/E56f81

-KS

Hi KS,

Thanks for your reply, But CSC-SSM update issue call postponed due to downtime issue.when customer provide me downtime and again face any issue we will revert to you. But we have anathor issue in DMZ??

Customer has two Site :-

(1) In Registerd office Customer has one internet link which is connected to Cisco 1841 Router but and router connected to Cisco ASA 5510 and then L3 switch further Lan Network also he has one PPP link, 1 RF link  between Registerd office to Factory.

(2) In Factory Customer has one Internet link which is connected to Cisco 1841 Router and router connected to Cisco ASA 5510 and then L3 switch further   Lan Network.

  Customer want to connect these link (PPP,RF and MPLS) in anathor Cisco 2811 router at Registerd office and he want connect Cisco router to Cisco ASA firewall as a DMZ means when internet goes down then factory link will be switchover via DMZ zone connectivity.

Please suggest me what we need to do. I Waiting your valuable response.

Thanks/Regards,

Pushpendra

pushp1984@gmail.com

HI KS,

I have another question in CSC, Could you please tell me how to bypass CSC-SSM module.Becuase some MGMT user want to full internet access but still all of user going through CSC-SSM module.So pleasse advice me procedure for the activity.

Regards,

Pushpendra

In the ACL that you match in the class-map for traffic to be inspected by the CSC module add a "LINE 1 " deny for this traffic.

access-l csc-acl line 1 deny ip any host x.x.x.x any

where x.x.x.x is the management host's ip address that you do not want to scan.

-KS

Hi ,

I have configure below command but still remain same problem.

access-list inside_access_in line 1 deny ip any host 192.168.200.80

Could i need to configure anything else.

Regards,

Pushpendra

Hello,

You did not follow the syntax that I suggested.

access-list inside_access_in line 1 deny ip any host 192.168.200.80

the above line should actually be

access-list inside_access_in line 1 deny ip host 192.168.200.80 any ----------> put the any in the end.

Make sure the service policy is applied globally.

-KS

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: