SEP - Automatically updating blacklist problem

Hi,

I did following before the logging of automatically updating the list stopped:

- create a File Fingerprint List Blocklist under Policies where I uploaded a file with some MD5 hashes
- disabled policy inheritance for a specific group and enabled System Lockdown in Blacklist Mode and pointed to this Blocklist
- made a file index.ini with content:

[Revision]
Revision=20150616 R001
SourceFile=20150616 R001.zip
Description=NewUpdates

[FingerprintList - Default]
FingerprintListName 1="FingerprintList1.txt" REPLACE

[ApplicationNameList - Default]
My Company\Group\ADOU\ADOU="ApplicationNameList1.txt" REPLACE
My Company\Group\ADOU\ADOU="ApplicationNameList2.txt" REPLACE

- put FingerprintList1.txt in a zip called 20150616 R001.zip
- placed index.ini and 20150616 R001.zip on a FTP-server
- enabled Automatically update the whitelist or blacklist in the Server Properties under Local site in Admin - Servers, with URL for index and content referring to that FTP-server, wkith username and password

When I checked the logs:

06/16/2015 16:12:42  File fingerprint update  Site sepman  sepman  Error  The section "FingerprintList - Default" is invalid!
06/16/2015 16:12:42  File fingerprint update  Site sepman  sepman  Error  Cannot find Fingerprint List "FingerprintListName 1" from SEPM!
06/16/2015 16:12:42  File fingerprint update  Site sepman  sepman  Info  Download source file 20150616 R001.zip from "ftp://172.16.201.159" succeeded!
06/16/2015 16:12:42  File fingerprint update  Site sepman  sepman  Info  Downloading source file from "ftp://172.16.201.159".
06/16/2015 16:12:42  File fingerprint update  Site sepman  sepman  Info  Update whitelist and blacklist for revision "20150616 R001 (NewUpdates)" begin!

I saw that indeed I had to change the reference to the list with this:

[FingerprintList - Default]
Blocklist="FingerprintList1.txt" REPLACE

But I changed the filename to wildfire.txt:

[Revision]
Revision=20150616 R001
SourceFile=20150616 R001.zip
Description=NewUpdates

[FingerprintList - Default]
Blocklist="wildfire.txt" REPLACE

The log file seems to be OK:

06/16/2015 16:13:42  File fingerprint update  Site sepman  sepman  Info  Update whitelist and blacklist for revision "20150616 R001 (NewUpdates)" succeeded!
06/16/2015 16:13:42  File fingerprint update  Site sepman  sepman  Info  Update fingerprints from file "wildfire.txt" to Fingerprint List "Blocklist" of domain "Default" succeeded!
06/16/2015 16:13:42  File fingerprint update  Site sepman  sepman  Info  Download source file 20150616 R001.zip from "ftp://172.16.201.159" succeeded!
06/16/2015 16:13:42  File fingerprint update  Site sepman  sepman  Info  Downloading source file from "ftp://172.16.201.159".
06/16/2015 16:13:42  File fingerprint update  Site sepman  sepman  Info  Update whitelist and blacklist for revision "20150616 R001 (NewUpdates)" begin!

Then I went further and made more changes and put the files in current.zip:

[Revision]
Revision=current
SourceFile=current.zip
Description=NewUpdates

[FingerprintList - Default]
WildfireList="wildfire.txt" REPLACE

The logs tells me it's still OK:

06/16/2015 16:16:42  File fingerprint update  Site sepman  sepman  Info  Update whitelist and blacklist for revision "current (NewUpdates)" succeeded!
06/16/2015 16:16:42  File fingerprint update  Site sepman  sepman  Info  Update fingerprints from file "wildfire.txt" to Fingerprint List "Blocklist" of domain "Default" succeeded!
06/16/2015 16:16:42  File fingerprint update  Site sepman  sepman  Info  Download source file current.zip from "ftp://172.16.201.159" succeeded!
06/16/2015 16:16:42  File fingerprint update  Site sepman  sepman  Info  Downloading source file from "ftp://172.16.201.159".
06/16/2015 16:16:42  File fingerprint update  Site sepman  sepman  Info  Update whitelist and blacklist for revision "current (NewUpdates)" begin!

But since then the Server Activity log doesn't show any more logging about this updating. I tried using revision numbers again, with higher numbers, changing to a HTTP-server, placing the unpacked files and index.ini to the SEPM directory data/inbox/WhitelistBlacklist/content/. Nothing helps.

On the FTP-server I can still see that SEPM succesfully connects to and get index.ini, but since it fetched the current.zip-file, it won't fetch another ZIP.

At this moment the index.ini is:

[Revision]
Revision=20150617 R004
SourceFile=20150617 R004.zip
Description=NewUpdates

[FingerprintList - Default]
WildfireList="wildfire.txt" REPLACE

Has anybody an idea how to cope with this problem? I think playing with the revision name wasn't a good idea and has maybe "corrupted" this component?
Can I find some more advanced information about this (not the usual parts of the manual, have checked them all multiple times).

Thanks in advance and hopefully someone can help...

Best regards,

Peter Kruppa