Performing manual installation of a Security Update on an ESM Unix agent.

Article:TECH180496  |  Created: 2012-02-01  |  Updated: 2014-03-25  |  Article URL http://www.symantec.com/docs/TECH180496
Article Type
Technical Solution


Environment

Issue



If an Enterprise Security Manager (ESM) is set up to push LiveUpdates to agents by default, it is possible that an agent may be updated to an unsupported level.  To remedy this issue and revert to a previous Security Update (SU) level, it may be necessary to uninstall the ESM agent from the target machine, reinstall and manually update to the maximum supported level.


Error



N/A, referring to the ESM agent support matrix, available here:  http://www.symantec.com/security_response/securityupdates/list.jsp?fid=esm&pvid=ad, shows no support for the current maximum SU level of the ESM manager.


Environment



Various Unix platforms, ESM versions 9.0 and up.


Cause



ESM agents are updated via LiveUpdate pushed from the manager that exceed the supported level on the ESM Agent support matrix, see link above.


Solution



To revert to a previous SU level, the ESM agent must first be uninstalled, then reinstalled as normal.  When reinstalling the agent do not allow the agent to accept LiveUpdates from any manager that could push SUs to levels that exceed the supported agent level.

Additionally, after referring to the ESM Agent support matrix (see link above), the appropriate SU package should be downloaded from this link, http://www.symantec.com/security_response/securityupdates/list.jsp?fid=esm&pvid=su and copied to the target machine. 

Installation of the downloaded TPK file is performed by using chmod to set the execution bit and then running the file as root.

When running the TPK file, the installation will prompt for permission to update the templates and message files on the manager.  The recommendation is to only update the templates and message files on the manager to the highest SU level. 

When dealing with agents at disparate SU levels, close attention must be paid to policies run on agents that are at lower SU levels than the manager's SU level, since they will be using newer message and template files.  It is possible that any given message or template file will have changed resulting in unexpected behaviors and messages.
By referring to the Release Notes distributed with the SU package and on the Agent SU Download page, one can reconcile the changes made from one SU and another.




Article URL http://www.symantec.com/docs/TECH180496


Terms of use for this information are found in Legal Notices