Active Response is an endpoint detection and response tool for advanced threats. It is located in Mcafee product province. It can be executed via Mcafee ePO. If you have 2 TIE servers on your system, you may usually encounter this problem. Let’s look at how the error happened first. We click “menu> Active Response Catalog” on Mcafee ePO.
We click the “Triggers” tab on the “Active Response Catalog” screen. Here, we will try to delete the “File Malware Create3” rule we created earlier. To remove the “File Malware Create3” rule, we click “Action> Delete” at the bottom.
When we click the “Delete” button, it asks if we are sure we want to delete it. We click on the “Yes” button.
When we click the “Yes” button, it says that the rule is active. “Some of the selected triggers are enabled.” gives the error.
To disable our “File Malware Create3” rule, click the “Action> Disable” button below. The error here is (Cannot disable trigger ”42″.).
When we want to add md5 hash to the “File Malware Create” rule we wrote, it is seen that there is no post-addition.
The solution to the Error
If you have 2 TIE servers on your system, you may usually encounter this problem. You should run the following commands on the primary TIE Server with the root user. After running it, give wake up to tie, mar, EPO and Dlx servers to get a policy.
/opt/McAfee/tieserver/postgresql/bin/psql -Umfetie tie alter table if exists mar_trigger_term_platform drop constraint fk__mar_trigger_term_platform__trigger_term_id; alter table if exists mar_trigger_term_platform add constraint fk__mar_trigger_term_platform__trigger_term_id FOREIGN KEY (trigger_term_id) REFERENCES mar_term(id) ON DELETE CASCADE;
After running the commands, give wake up to tie, mar, EPO and Dlx servers to get a policy.
Once the servers get a policy, try again to delete the rule from Triggers, disable it and add the md5 hash. You will see that the problem has been resolved.