Skip to main content

Check out Interactive Visual Stories to gain hands-on experience with the SSE product features. Click here.

Skyhigh Security

Upgrade to Content Security Reporter 2.9.1

To upgrade to Content Security Reporter 2.9.1, first, make sure you are on Trellix ePO CU14 or CU15.

Then use the Upgrade Helper batch file, available at


If you are on ePO CU13 or Earlier

First, upgrade Trellix ePO to CU14 or CU15. CSR 2.9.0 and earlier does not support ePO CU14 or CU15.

NOTE: If you upgrade to Content Security Reporter 2.9.1 before you upgrade ePO, you will be notified that CSR 2.9.1 is an unsupported product.

  1. Go to Report Server Settings > Log sources > select all log sources and disable.
  2. Go to Report Server Settings > System Backup > Actions > Backup Now.
  3. Delete the Reporter from Registered Server.
  4. From the extension, remove Reporting, Common Catalog Plugin (Extensions > Shared Components)
  5. Also remove Analytics (Extensions > Shared Components).

If you are on ePO CU14 or Later

If you have already upgraded to Trellix ePO CU14 or later, your installed CSR will take an automatic backup every day. Continue to Upgrade to CSR 2.9.1.

You can skip the prerequisite steps if you are unable to perform them.


Issues You May Find During Upgrade

Extension Install

You may have a message saying "Unable to install extension. java.lang.IllegalStateException: A web app is already deployed at context /mesa".

How to Fix:

Navigate to Extensions > Shared Components > Delete Common Catalog Plugin and Analytics and then try to install CSR 2.9.1 extension.


Report Server Settings not available after upgrade to CSR 2.9.1

This issue arrives when you have not used CSR_Upgrade_Helper.bat file or it batch file was executed without administrator mode, it fails to copy required keystores back to the folder Content Security Reporter\reporter\jboss\standalone\configuration.

How to Fix:

  1. Navigate to Content Security Reporter\reporter\jboss\standalone\configuration.
    • If you have already upgraded from 2.7/2.8/2.9 version then you should see csr.keystore and csr.keystore.old file.
    • If you have already upgraded from 2.6 or earlier version then you should see csr.keystore and keystore.jks file.
    • If it is not there then, you can copy it manually from oldCSR_config_backup folder (only if you have used CSR_Upgrade_Helper.bat for upgrade).
  2. Delete all files in Content Security Reporter\reporter\conf\backup\ and copy backup.xml from oldCSR_config_backup folder to here.
    • After copying key store and backup.xml, restart the CSR service.
  3. In ePO™ Console, navigate to Registered Servers > Report Server > Actions > Edit > Details >  , test settings.
    • If is successful then you should be able to access Report Server Settings page.


If You Already Upgraded to 2.9.1 and you want to Upgrade ePO to CU14 or CU15 , it will show incompatible for CSR 2.9.1


How to Fix:

  1. In ePO™ Console navigate to Registered Servers > Select Report Server > Actions > Delete.
  2. Navigate to Extensions > Remove > Reporting.
  3. In Shared Components, remove Analytics.
  4. Upgrade ePO to CU14 or CU15.
  5. Install CSR 2.9.1 extension.
  6. Register CSR server.


Upgrade to CSR 2.9.1

With Batch File


IMPORTANT: When you run the CSR_Upgrade_helper.bat file, right-click and run as Administrator
  1. On the system where CSR is currently installed, create a folder named CSR291
  2. Download these three files into this folder:
    • CSR_291_Win64.exe
    • CSRUpgrade_helper.bat
  3. Open the Trellix ePO console and keep it open.
  4. IMPORTANT: Right-click the CSR_Upgrade_helper.bat file and run as Administrator
  5. The script will create the folder oldCSR_config_backup in the current directory (CSR291).


  1. Perform the steps in the following prerequisite section before you proceed to the next step. If you skip this step, you could lose incoming, processing, and waiting jobs.
    • Disable all log sources. 
    • Make sure that no logs are in progress/waiting. 
    • Take a system backup. 
    • Take a screenshot of the Memory configuration. 
    • Take a screenshot of Cache apply filter with (web)
    • Take a screenshot of Summary Cache


  1. The following steps are automated as the script runs. It will copy the latest backup.xml and required keystores from the CSR directory to the backup folder. Manual intervention is not required until you see thed question, "Are you using Internal Database [Y/N]?" 
    • If you are using an internal database, enter Y. The script will make a backup of your internal database. 
    • If not, enter N



  1. Next, manually delete the Report Server from Registered Servers.


  1. Then navigate to Extensions, select Reporting (from the right-hand side), and click Remove.


  1. The CSR 2.9.1 installer will start.


  1. The installer will load. 


  1. Click Next to upgrade Content Security Reporter.


  1. Wait until the installation is complete. Click Finish. Then click Enter to continue.


  1. Wait for the confirmation verification before proceeding to the next step.


  1. This automated step stops and starts the Content Security Reporter default database. 


  1. When Content Security Reporter restarts, the backup configuration restore starts.

First it copies backup.xml into ..\conf\backup folder.

Next it copies the keystore files into ..\configuration folder.

Finally, it performs the internal database restoration, if you entered Y for internal DB. It deletes the database, creates the database, and then restores the data into it. This step may take some time depending on your database size. Wait until you see the next instruction. If you interrupt the process, it may cause database corruption.


  • For CSR 2.6 or earlier, you will see only keystore.jks file.
  • For CSR 2.7 and later, you will see keystore.jks and csr.keystore.old file.


  1. Once the DB data is restored, both services are stopped and started.



  1. Now you need to perform a few manual post-installation configurations. Install the latest Extension.


  1. Then register the Report Server.
    If you need to reset the CSR passkey, see Reset the CSR Passkey.


  1. Once the backup restore is complete, go to the Report Server Settings > Log sources > Select all log sources > Actions > Enable


Without Batch File

Below are the steps you need to follow to Upgrade to CSR 2.9.1 manually and without Batch File.

  1. Open ePO console navigate to Report Server Settings > Log sources > select all log source > Actions > Disable.

Wait till all the jobs inside Log sources > Job queue status is set to successful

  1. Navigate to System Backup > Actions > Backup now.
  2. Copy latest backup.xml from ..\reporter\conf\ (latest backup timestamp folder) to safe location.
  3. Copy csr.keystore from ..\reporter\jboss\standalone\configuration\ to safe location.
  4. In ePO console navigate to Registered Servers > Select Report Server > Actions > Delete.
  5. Navigate to Extensions > Select Reporting > Remove.
  6. In Extensions, navigate to Shared Components > Remove (following components in the same order):
    1. Common Catalog Plugin.
    2. Analytics.
  7. If you are using internal database then please take SQL backup with following steps, If not jump to step 9:
    1. Open command prompt and navigate to ..\Content Security Reporter\reporter\mariadb\bin\.
    2. Execute.
      1. mysqldump.exe -udba -pdba --port=9129 reporting > reporting.sql

        which will create reporting.sql in bin folder in case of space issue in current location then just specify the other location as below

        mysqldump.exe -udba -pdba --port=9129 reporting > E:\reporting.sql 

    3. Do not interrupt let it complete the running process.

    4. Once is completed, open file explorer navigate to ..\Content Security Reporter\reporter\mariadb\bin\ copy reporting.sql to safe location.

  8. Uninstall CSR, verify no folders/files related to old CSR is available in installed drive.

  9. Install CSR 2.9.1, which will ask for install location, passkey (provide your old passkey in case if you have forgotten old passkey then provide any and follow Reset the CSR passkey ).

  10. Once the installation is complete, in file explorer navigate to ..\reporter\conf\ create a backup folder.

  11. Copy backup.xml into ..\reporter\conf\backup\ folder.

  12. Copy csr.keystore.old into ..\reporter\jboss\standalone\configuration\ folder.

  13. In case if you are using internal DB follow the below process:

    1. Open command prompt and navigate to ..\Content Security Reporter\reporter\mariadb\bin\.

    2. Execute following statements one after the other:

      1. mysql.exe -udba -pdba --port=9129 -e "DROP DATABASE reporting;"

      2. mysql.exe -udba -pdba --port=9129 -e "CREATE DATABASE reporting;"
      3. mysql.exe -udba -pdba --port=9129 reporting < "folder_path>\reporting.sql"
        replace <folder_path> in following statement with reporting.sql backup folder path.
        Note: this will take time based on your database size so please wait until it complete.

    3. Restart SkyhighCSR service.

  14. In ePO console navigate to Extensions, click on Extensions > install CSR 2.9.1 extension.

  15. Navigate to Registered Servers > New Server > Select Report Server > Provide any name > click on Next > Provide CSR IP and enter passkey, click on Test settings if it returns successful click on Save.
  16. Now you can access Report Server Settings page. Navigate to Database page, verify database status it should be in connected state. Then navigate to Log sources, select all log source > Actions > enable. After enabling it should start receiving/collecting logs from respective appliances.
  • Was this article helpful?