The Trellix ePolicy Orchestrator (ePO) DAT (Virus Definition) and Engine Packages are critical for malware detection and prevention. This ensures that the Trellix Endpoint Security Products have up-to-date protection against threats. Therefore, in this article, we shall discuss how to Fix Trellix ePO DAT and Engine Packages missing. Please, see Create a bootable USB on Mac: Proxmox VE Setup, and why you should not Upgrade Windows on an ePO Server.

Since this is a test server and no backup or snapshot is available, a reinstallation of ePO will be required. Please be aware that this process will result in the loss of all existing configurations. Ensure that this action aligns with your testing requirements before proceeding. Please, see Trellix ePO On-prem 5.10.0 Service pack 1 Update 3 and 5 etc .

When your Trellix ePolicy Ochestrator (ePO)is missing DAT (virus definition) and Engine packages as shown below. This step requires you to manually download and upload the (DAT and Engine) update packages from the Trellix website. And, then check them into the Master Repository. I would have used the Software Catalogue itself. But in my case, it is missing under the software menu.

As you can see below, there is no Software Catalogue under the Software Menu. Simply checking these packages in does not fix my entire issues. This is because, it happened due to deletions of extensions and packages etc.

Please, see “ePO Server Settings: Trellix ePO AD integration and ENS Agents Installation, How to deploy and integrate VHR with VBR, and Best Storage for Veeam: Comparing OOTBI by ObjectFirst to VHR.

Why would Trellix ePO Repair not work?

Trellix ePolicy Orchestrator (ePO) does not have a repair tool to fix the missing DAT, Engine packages, and the Software Catalog (Master Repository) which is essential or the update packages like DAT, Engine, and product files is missing. Therefore, the repair option is not available when running the Trellix setup.exe file.

Note: If you are having issues with corrupted installation, database errors, or misconfigurations, please ensure you have a working backup or snapshot in place in case you wish to revert. Else, you may have to perform a complete reinstallation as it is in my case.

The fix to DAT, Engine and Missing Software Catolog

This is a test instance, without a abckup, and snapshot. Therefore, the only option left is to uninstall and reinstall.

To remove ePO from your server, you can rerun the setup.exe located in the ePO installation package a sshown below by selecting remove (uninstall). Or, by uninstalling ePO from Control Panel or Windows Settings.

Note: If you rerun the setup.exe file while Trellix ePo is already installed. You are uninstalling ePo from the server!!! That is, it removes the existing ePO instance from the server. This is because the setup.exe file is responsible for the installation or reinstallation of ePO

Please, see How to update Object First OOTBI Cluster, how to Configure Object First OOTBI Appliance, and how to integrate ObjectFirst OOTBI Appliance with VBR.

Install ePO on Windows Server

Here is an article on how to perform Trellix ePolicy Orchestrator Installation on Windows Server. To do this, locate the ePO installation package and click on the setup.exe file as shown below. If there are error from the Preinstallation Auditor, please, see the Fixes to Trellix ePolicy Orchestrator Installation Errors.

If all checks are ok, click on finish on the PIA as shown below.

Ensure the ports are okay and click next to continue.

Click on install as shown below.

As you can see, the ePO is being installed.

Click on Finish and checkbox to launch Trellix ePO.

You will be prompted to login with the credentials you have created previously during the reinstallation.

As you can see below. we now have the Software Catalog available.

The Software Catalog (also reffered to as the Master Repository) in ePO is a central storage location for all software packages (including DAT, Engine, and other product extensions). It contains the packages for various Trellix security products such as the DAT and Engine updates, product extensions like VirusScan, Endpoint Security, etc. This catalog is where ePO administrators manage and update software packages and extensions before they are distributed to endpoints.

Also, see the repository package status below.

Upgrade Trellix ePolicy Orchestrator: Update to service pack 1 Update 4

Since there are updates available, I will apply it. Performing a Trellix ePolicy Orchestrator upgrade enhances system security, and improves functionality. Please, see Trellix ePO On-prem 5.10.0 Service pack 1 Update 3 upgrade, and how to upgrade Trellix ePolicy Orchestrator

Navigate to software catalog and select management Solution and click on others. Then, search for the latest ePO update as shown below and download it.

Upon download, please extract the files as shown below.

Before performing the update. Do not forget to stop some of the services as shown below.

Now, proceed to apply the updates. To do this, run the ePOupdate.exe as shown below.

When connecting to the database, if you run into issues such as Auto Close is enabled for both ePO and ePO events databases. Please, see how to Disable SQL Auto Close: Auto Close is enabled for both ePO and ePO Events Databases, and EPO core collation is {core_collation}, and ePO events DB and SQL server should match with ePO core collation.

Note: If you run into this warning message “(These product extensions are incompatible with this Trellix ePO 5.10.0 update: Upgrade or remove these product extensions to proceed – contentfeed extension 1.0.0.135 (contentfeed). By clicking “OK”, you can close the ePO Updater Tool)”.

Click on Ok and proceed to remove the extension. Start the Trellix Services that you stopped previously in order to delete the extension “contentfeed”.

Remove incompatible extension - Trellix Contentfeed

Now, go back and re-run the ePOUpdate.exe to continue with the upgrade.

Do not forget to stop the services again before performing the upgrade. Then click on continue to proceed with the update.

Click on Yes to apply the changes

As you can see, the update is in progress.

You can already close the wizard by clicking on finish as shown below.

Or wait till all the services are started and then click on Finish.

Launch the ePO Console

To do this, click on the created shortcut or navigate to the URL. Enter the username and password.

To view the applied or latest update that is running, navigate to the ePO main menu as shown below. As you can see, we have the update installed – service pack 1, update 4.