Capture Client 3.1.4

BWC Cybersecurity Overlord ✭✭✭

Hi,

Capture Client 3.1.4 got released for all of us who did not get the 3.5 blessings at this point. No Release Notes so far, probably just house-keeping and fixes.

The SentinelOne Agent Version is still the same, nothing new here.

--Michael@BWC

Category: Capture Client

Comments

  • Larry All-Knowing Sage ✭✭✭✭

    FWIW - current SentinelOne GA version is 4.6.11.191...

  • BWC Cybersecurity Overlord ✭✭✭

    @Larry, I know, but I stopped complaining because it looks like a dead end.

    --Michael@BWC

  • ThK Cybersecurity Overlord ✭✭✭
    edited February 2021

    @Larry my clients are not updating to 4.1.6.118: the CC log gives the answer

    (...). Warning DEFAULT_USER Attempting to download and install 'SentinelOne 4.1.6.118' on the 4th retry

    (...) Error DEFAULT_USER curl failed: http error 404 (The server has not found anything matching the Request-URI).: 'The requested URL returned error: 404 Not Found'

    --Thomas

  • BWC Cybersecurity Overlord ✭✭✭

    Hi @ThK

    I'm not 100% sure, but I believe I had a similar issue a while ago, which needed to be fixed on the backend. It was right after releasing a "new" engine.

    4.1.6 it is now, wow.

    --Michael@BWC

  • BWC Cybersecurity Overlord ✭✭✭

    @ThK same happened to me, so I guess it's a backend issue; @SuroopMC and fellows will take care of that, I guess.

    --Michael@BWC

  • Curious if Sentinel One is keeping the new versions back or Sonicwall, the Big Sur capable version was released in the first week of January for direct customers....

  • BWC Cybersecurity Overlord ✭✭✭

    Hi @Bernhard_Winter

    well, I'll keep my mouth shut, but this discussion (last entries) is probably telling you where it is heading.

    I addressed this in the past and my posts got deleted, so I made my mind up already.

    --Michael@BWC

  • @BWC

    You might like that as well:

    3.1.1 just started blocking the authentication app for "Erste Bank" and "Raiffeisen", just Austria's biggest banks, without any message; it was simply blocking the app without any warning although it worked before. Added a path exclusion and it immediately worked. That was also suggested as the workaround afterwards, yeah great; if there were an option to make a global exclusion for all tenants I would happily do that.

    Updated to 3.1.4 and now at least I get a message that it was blocked 🤣 To be totally honest, I'm unsure if I will report anything anymore in the future, based on the reactions I received.

  • ThK Cybersecurity Overlord ✭✭✭

    @Bernhard_Winter there is no "SonicWall-managed" 4.1.6 version - maybe therefore the installer couldn't find the path...

  • SuroopMC SonicWall Employee

    @Bernhard_Winter - there are a number of 3rd party applications out there and it is infinitely impossible to keep track of all applications that may get blocked by the SentinelOne engine. This is why we maintain and update this list as much as we can whenever we identify new applications. If you are willing to share the exclusions you used for the bank authenticator applications, we'd love to add it as a new recommendation.

    @ThK - we did not release a SonicWall-managed version of 4.1.6. The reason that S1 agent was released is because it was known to fix some performance issues seen with VSS. However, we have noticed that there are some challenges with an auto-upgrade and it is recommended to uninstall CC, set your Threat Protection policy to use the Self-managed version and then reinstall it with 4.1.6.

    @BWC and @Bernhard_Winter - please do not refrain from sharing your experiences here. We try to provide the best answers we can; sometimes it may not be to your satisfaction. However, please do not construe that as a lack of empathy for your problems.

    Keep 'em coming! We're listening!

  • BWC Cybersecurity Overlord ✭✭✭

    Hi @SuroopMC

    so you're telling me I need to uninstall/reinstall CC to get the S1 Engine up to 4.1.6?

    If that's the case, Bravo 👏

    --Michael@BWC

  • SuroopMC SonicWall Employee

    @BWC - yes, this is a one-off case. However, the 4.1.6 engine itself only targets one specific bug related to VSS and backup software on Windows. If that isn't something you have encountered in your environment, there is no real need for you to even attempt the upgrade.

  • ThK Cybersecurity Overlord ✭✭✭

    @SuroopMC we are all very nervous since the SMA leak, and then an update is released. It is quite clear that we update as soon as possible. I was updating 20 SMAs. Once, twice - and not to forget the 2FO and workarounds. Then you release a CC update, thought it is recommended - my work was to change all the policies for the tenants and watch that the update is working. You have to spend so much time on SonicWall products lately that it raises questions. Why do you release a CC update when it is not ready or tested?

    I think this is the same for all guys here!

  • SuroopMC SonicWall Employee

    @ThK - This isn't an issue of it being not ready or untested. The bug was in fact identified only when we rolled out to a few customers in the field. However, those customers needed the client for the VSS challenges they ran into. And from their perspective, uninstalling and reinstalling the client was a smaller problem than the performance issues they ran into because they had the tools to uninstall and reinstall. We don't know how many such customers are out there so we are just providing a choice.

    In full transparency, I think our update process can do with a lot of simplification and we're working on making it much easier to use. If anyone would like to be part of a group of early design influencers, let me know. I can share what we're thinking and understand whether it meets your needs. This includes everything from how CC agents are rolled out to how S1 agents are made available, to the choice of controlling updates vs automatically making updates.

  • Bret Newbie ✭

    @SuroopMC can you explain the process to update? I am having these VSS issues on multiple servers and I have tried uninstalling via the console and reinstalling but cannot get 4.1.6 to install

  • SuroopMC SonicWall Employee

    @Bret - check out this KB article. But to be specific:

    1. Uninstall Capture Client from the Server (CC and S1 agents)
    2. Create a new Threat Protection policy for those servers and set the version to be the "Self-managed 4.1.6 for Windows" selection. Create a new Capture Client policy with the client version set to "Self-Managed 3.1.4" and attach the new Threat Protection policy to this
    3. Create a Group for your servers - Static if it's specific servers, or Dynamic if it's based on a criteria like "Windows Servers". And then assign the new Capture Client policy to this Group
    4. Then deploy CC 3.1.4 to your servers

    If this doesn't work, please reach out to Support and they should be able to help you out.

  • Bret Newbie ✭

    @SuroopMC Yes I followed the KB instructions and yours. It just sits on The SentinelOne installing. Log shows the following:

    02/26/2021 12:35:19 AM ses[7288:5580] Info SERVER\backup Client successfully applied 'SERVER' policy ( id 'c24d7fb0-aa19-45e7-bc9a-e51b1c97d318', timestamp '1614316395' ).

    02/26/2021 12:35:19 AM sngavm[5516:4248] Info SERVER\backup Received stop monitoring notification

    02/26/2021 12:35:19 AM sngavm[5516:4248] Error SERVER\backup The S1EventListener connection point is not released.

    02/26/2021 12:35:19 AM sngavm[5516:4248] Error SERVER\backup The S1EventListener sink dispatcher is not released.

    02/26/2021 12:35:19 AM ses[7288:7440] Error SERVER\backup failed to download '22'

    02/26/2021 12:35:19 AM ses[7288:7440] Error SERVER\backup curl failed: http error 404 (The server has not found anything matching the Request-URI).: 'The requested URL returned error: 404 Not Found'

    02/26/2021 12:35:20 AM WPS[1300:4108] Error SERVER\backup Monitor already started.

    02/26/2021 12:35:20 AM WPS[1300:4108] Warning SERVER\backup Failed to update CFCPolicy in CFCPolicy SDK. Error '10235'

    02/26/2021 12:35:20 AM ses[7288:7440] Warning SERVER\backup Attempting to download and install 'SentinelOne 4.1.6.118' on the 1st retry

    02/26/2021 12:35:20 AM ses[7288:7440] Error SERVER\backup failed to download '22'

    02/26/2021 12:35:20 AM ses[7288:7440] Error SERVER\backup curl failed: http error 404 (The server has not found anything matching the Request-URI).: 'The requested URL returned error: 404 Not Found'

    02/26/2021 12:35:21 AM WPS[1300:8040] Info SERVER\backup Sending query to botnet server cbot.global.sonicwall.com

    02/26/2021 12:35:25 AM ses[7288:7440] Warning SERVER\backup Attempting to download and install 'SentinelOne 4.1.6.118' on the 2nd retry

    02/26/2021 12:35:26 AM ses[7288:7440] Error SERVER\backup failed to download '22'

    02/26/2021 12:35:26 AM ses[7288:7440] Error SERVER\backup curl failed: http error 404 (The server has not found anything matching the Request-URI).: 'The requested URL returned error: 404 Not Found'

    02/26/2021 12:35:31 AM WPS[1300:8040] Error SERVER\backup curl failed: error 28 (Timeout was reached): 'Connection timed out after 10000 milliseconds'

    02/26/2021 12:35:56 AM ses[7288:7440] Warning SERVER\backup Attempting to download and install 'SentinelOne 4.1.6.118' on the 3rd retry

    02/26/2021 12:35:56 AM ses[7288:7440] Error SERVER\backup failed to download '22'

    02/26/2021 12:35:56 AM ses[7288:7440] Error SERVER\backup curl failed: http error 404 (The server has not found anything matching the Request-URI).: 'The requested URL returned error: 404 Not Found'

    02/26/2021 12:36:56 AM ses[7288:7440] Warning SERVER\backup Attempting to download and install 'SentinelOne 4.1.6.118' on the 4th retry

    02/26/2021 12:36:56 AM ses[7288:7440] Error SERVER\backup failed to download '22'

    02/26/2021 12:36:56 AM ses[7288:7440] Error SERVER\backup curl failed: http error 404 (The server has not found anything matching the Request-URI).: 'The requested URL returned error: 404 Not Found'
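
Added example, not part of the thread and not SonicWall code: a small Python triage script for the log format posted above. It groups retry notices and curl failures per worker thread, which shows that the 404s all belong to the `ses` download thread while the curl timeout comes from a separate `WPS` thread. The regular expressions and the verdict wording are assumptions of this example, derived only from the lines shown.

```python
import re
from collections import Counter
from datetime import datetime

# Lines copied from the log posted above (a subset, not the full log).
SAMPLE = r"""
02/26/2021 12:35:19 AM ses[7288:7440] Error SERVER\backup curl failed: http error 404 (The server has not found anything matching the Request-URI).: 'The requested URL returned error: 404 Not Found'
02/26/2021 12:35:20 AM ses[7288:7440] Warning SERVER\backup Attempting to download and install 'SentinelOne 4.1.6.118' on the 1st retry
02/26/2021 12:35:20 AM ses[7288:7440] Error SERVER\backup curl failed: http error 404 (The server has not found anything matching the Request-URI).: 'The requested URL returned error: 404 Not Found'
02/26/2021 12:35:31 AM WPS[1300:8040] Error SERVER\backup curl failed: error 28 (Timeout was reached): 'Connection timed out after 10000 milliseconds'
02/26/2021 12:36:56 AM ses[7288:7440] Warning SERVER\backup Attempting to download and install 'SentinelOne 4.1.6.118' on the 4th retry
02/26/2021 12:36:56 AM ses[7288:7440] Error SERVER\backup curl failed: http error 404 (The server has not found anything matching the Request-URI).: 'The requested URL returned error: 404 Not Found'
"""

LINE = re.compile(r"^(?P<ts>\d{2}/\d{2}/\d{4} [\d:]+ [AP]M) (?P<proc>\w+)"
                  r"\[(?P<pid>\d+):(?P<tid>\d+)\] (?:Info|Warning|Error) \S+ (?P<msg>.*)$")
RETRY = re.compile(r"download and install '(?P<pkg>[^']+)' on the (?P<n>\d+)\w+ retry")
CURL = re.compile(r"curl failed: (?:http error (?P<http>\d+)|error (?P<code>\d+))")

def summarize(text):
    """Group retry notices and curl failures per worker thread (proc, pid, tid)."""
    threads = {}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if not m:
            continue
        retry, curl = RETRY.search(m["msg"]), CURL.search(m["msg"])
        if not (retry or curl):
            continue  # unrelated message, ignore
        ts = datetime.strptime(m["ts"], "%m/%d/%Y %I:%M:%S %p")
        t = threads.setdefault((m["proc"], m["pid"], m["tid"]), {
            "pkg": None, "retries": 0, "errors": Counter(), "first": ts, "last": ts})
        t["last"] = ts
        if retry:
            t["pkg"], t["retries"] = retry["pkg"], max(t["retries"], int(retry["n"]))
        else:
            t["errors"]["http " + curl["http"] if curl["http"] else "curl " + curl["code"]] += 1
    return threads

def verdict(t):  # triage heuristic of this example, not vendor guidance
    if set(t["errors"]) == {"http 404"}:
        return "server answered, requested URL missing (server side)"
    if "curl 28" in t["errors"]:
        return "timeout (check connectivity for this component)"
    return "mixed or unknown"

if __name__ == "__main__":
    for key, t in summarize(SAMPLE).items():
        print(key, t["pkg"], t["retries"], dict(t["errors"]), verdict(t))
```
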

  • Bret Newbie ✭

    @SuroopMC I've tried this a couple of times on different servers. It looks like I see Sentinel Agent version 4.0.4.81 still installed in the control panel. To uninstall I have been going to the Capture Client management portal, selecting the device and selecting uninstall client. Should I be uninstalling a different way?

  • SuroopMC SonicWall Employee

    @Bret - the steps to uninstall the client are accurate. My recommendation is to raise a support ticket so that a Support engineer can help you get through this or collect data for investigation.

  • ThK Cybersecurity Overlord ✭✭✭

    @Bret as I wrote: "...The server has not found anything matching the Request-URI).: 'The requested URL returned error: 404 Not Found'"

    On installation this URL is contacted for deinstallation too. But it can't be found.

    Your post: "...02/26/2021 12:36:56 AM ses[7288:7440] Error SERVER\backup curl failed: http error 404 (The server has not found anything matching the Request-URI).: 'The requested URL returned error: 404 Not Found'..."

  • Bret Newbie ✭

    @ThK yes I saw that. Did you ever get it resolved?

  • Bret Newbie ✭
    edited February 2021

    I can manually install version 4.1.6.118 successfully on test machine

    Will try on production machine giving me issue tonight

    You should really pull these knowledgebase articles with steps for install that don't work.

  • skesarwa SonicWall Employee

    This issue is reported to development and the issue is fixed now. Please try once more and let me know if the issue still persists.

  • Bret Newbie ✭

    Yes I can confirm this is working now.

    Any plans to fix the straight upgrade from 4.1.5.97 to 4.1.6.118 without having to uninstall and reinstall?

  • SuroopMC SonicWall Employee

    @Bret - unfortunately we don't have an ETA commit on that and it's something on S1. We're working with them, but it's likely before they fix the upgrade issue, we will launch support for their latest agents which will eliminate the need for that.

  • ThK Cybersecurity Overlord ✭✭✭

    Capture Client 3.1.5 is available in my portal. I'll try ... 😀

  • BWC Cybersecurity Overlord ✭✭✭

    You brave Soul :) ... outdated S1 Engine still a bummer though.

    --Michael@BWC

  • ThK Cybersecurity Overlord ✭✭✭

    @BWC ...something will come around Easter... as Bill mentioned in his eMail ... :-)

  • BWC Cybersecurity Overlord ✭✭✭

    @ThK ... well my CC is good for another 2 years, maybe I'll see any migration from 3.1 to 3.6+ done in this period of time.

    The other pending Migration from CSC-MA to NSM is another example of Announcement vs. Reality.

    Your migration to the new Network Security Manager 2.0 is coming soon. We will notify you as soon as its becomes available. Please continue to manage your devices using existing Management 1.7.1.

    The last I heard about this was "End of this Year" ... so "soon" means at least 1 1/2 Years, maybe it is some form of "dog-soon" which equals to 7x "soon", dunno, lost track.

    --Michael@BWC
