Problems reatriving data from antimalware clients and updating Zen antimalware client.

Hello,

we have a zenworks appliance version 20.3 with endpoint security enabled. all our zen agents/anti-malware are installed on windows 10. (also all licences are active and not expired).

at first when everything was configured it was all working perfectly for a few months (anti-malware clients were updating, scanning reporting...). After some time the clients stopped reporting to zenworks server. Now when we try to update on some windows clients it just hands "updating" some say module expired (even if the licence is active and okay) and a few of them are updating and scanning normally as nothing is wrong but they wont report data to zenworks server (or the server doesn't collect them and shows them on the dashboard, unclear). Also the uninstall code stopped working. 

what could be the cause of this and what can we do to fix this ?

kind regards,

AF

  • Server Side Patch 964 on 20.3 and Patch 334 on 23.3 should resolve this.

    Upgrading to 23.4 should as well.

    In short, a counter-signature was missing on a core DLL so that when the signing cert expired, the signing was no longer valid.  This has been corrected and is now properly counter-signed preventing age from impacting signing validity.

    --

    If you found this post useful, give it a “Like” or click on "Verify Answer" under the "More" button

    Be sure to "Like" My (and a few others) Cool Solutions below! 

    https://community.microfocus.com/members/craigdwilson/bookmarks

  • Hi Craig,

    So been working with our ZCM expert Bruce and we are a little stumped at this point.  We are having several machines showing the error "The Antimalware module has expired.  Contact your system administration for further details"  The majority of our machines have no issues and are not showing this error.  This morning, my machine which has had no issues are now reporting the same error as mentioned above.  Bruce has told me we are fully patched to 23.4 except for one patch but it is not showing any information regarding this issue.

    First, is there anything else we can check?  Also, can you point me to the dll file explained in your post above so I can check version and date to make sure the trouble machines have the correct dll.  Are list of machines continue to grow with the error above even though we have doubled checked that our license is current and not expired.

    Any insight you can provide would be appreciated.  Screen shot of error below...

    Thanks

    Brian

  • I doubt it's the same issue if its been working.....

    Does your License still show as Good/Active?

    If all looks good one thing you can try is 

    "ZAC MR" which should remove the agent.

    Then refresh and it should reinstall....No Reboots required.

    "ZAC MI" will install it as well assuming a policy is assigned.

     

    --

    If you found this post useful, give it a “Like” or click on "Verify Answer" under the "More" button

    Be sure to "Like" My (and a few others) Cool Solutions below! 

    https://community.microfocus.com/members/craigdwilson/bookmarks

  • Hi Craig,

    Thanks for the response...  The license is good and active through 1/31/25, Bruce and I checked that before I responded to this thread.  What were seeing is workstations will be normal and then all the sudden show the error screen shot above and there seems to be no way to recover it from this state.  The zac mr command worked but the zac mi and/or ml was not recognized.  The ZCM Agent refresh brought it back but unfortunately the error returned immediately regarding module being expired.  Very strange...

    Any other thoughts?

    Thanks

    Brian

  • There are some Primary Server and Satellite Server Bug Fixes around On-Demand Content.  Anti-Malware does use On-Demand Content.  No clue if this could cause your symptoms...but I would not eliminate that as a possibility.

    --

    If you found this post useful, give it a “Like” or click on "Verify Answer" under the "More" button

    Be sure to "Like" My (and a few others) Cool Solutions below! 

    https://community.microfocus.com/members/craigdwilson/bookmarks

  • If you install Anti-Malware on a Fresh PC w/o any other security software....Does the issue return? Does the issue only happen on certain sites?  For Testing...Make sure the On Deman Content Master is in the location rules for Content.

    Make sure one of your primaries has the indicator for On Demand Master Content Server in this screen in the ZCC

    --

    If you found this post useful, give it a “Like” or click on "Verify Answer" under the "More" button

    Be sure to "Like" My (and a few others) Cool Solutions below! 

    https://community.microfocus.com/members/craigdwilson/bookmarks

  • Hi Craig,

    A few follow-ups to your questions, we have two machines, one that Bruce uses as a jump box to our environment and my machine which has never had any other type of AV software installed other than Windows 10 built in AV software.  Both machines are experiencing this issue as described so yes to your first question.  Also, as explained, I did remove and reinstall ZES with the error returning on my machine.  There are other machines which had ESET AV installed but through your assistance we were able to remove the remanence and have ZES install via ZENWorks.  But as stated, some have started to have the issue as documented in previous thread posts.

    If you look at the two primary servers listed below, the one listed as 1 is the primary with a secondary (2) as backup.  The one listed as number 2 is also where the Malware database is located.  See the second screen shot below. 

    Since we have multiple (5) locations Bruce set us up to exclude the closet server default rule (checked box) and use for collection, content and authentication servers as the satellite first then the two primaries.   The Configuration Servers for each location use the primaries only and both listed.

    I forwarded your comments to Bruce about the possibility of the bug and patch fixes for the primaries and satellites servers.  He will be looking at those at some point and provide feedback once he has time make those changes. 

    Thanks again for the assistance and if you have any further suggestions or questions please let us know.

    Brian

     

  • For Testing...I would exclude the sat....Point to Server2 First in my test location and make sure both primaries are Patch 94.

    Just to minimize issues.....But I can't recall other similar reports recently like you are seeing....so I can't say for sure.

    --

    If you found this post useful, give it a “Like” or click on "Verify Answer" under the "More" button

    Be sure to "Like" My (and a few others) Cool Solutions below! 

    https://community.microfocus.com/members/craigdwilson/bookmarks

  • Craig,

    So you are aware, the two machines mentioned above are at the primary location which only use two primary servers 1 and 2. 

    Wanted to add that information to your response.

    Will pass along the info to Bruce on the patch 94.

    Thanks again

    Brian

  • Craig,

    So over the weekend Bruce fully patched our primary and satellite servers.  Today, I removed the ZES from my machine using the zac mr command, I re-installed via a ZENAgent refresh and upon installing ZES the same problem still persist.

    Is there any other thoughts you may think to correct the issue or any logs that we can provided to pin point the issue.

    Thanks

    Brian