Update the Deep Security Agent
Software updates can be initiated via the Deep Security Manager, manually, or a third-party deployment system.
All Deep Security Relays must be upgraded before upgrading the Deep Security Agent. Failure to do so may cause the relay upgrade to fail.
In this topic:
- Update available notifications
- Initiate an agent update
- Select the agent for newly-activated virtual appliances
- Manually upgrade the agent
When a new agent software version is available, a message appears on Alerts.
- In the alert, click Show Details and then click View all out-of-date computers.
Computers opens with all computers showing a Software Update Status of Out-of-Date.
- Continue with Initiate an agent update or Manually upgrade the agent.
Upgrade when the server is less busy.
On Administration > Updates > Software, the "Computers" section indicates whether any computers
- To upgrade all out-of-date computers, click Upgrade Agent / Appliance Software.
- To upgrade a specific agent computer
or appliance image, go to Computers , select the computers that you want to upgrade, and click Actions > Upgrade Agent Software. You will be prompted to select the Agent Version. We recommend that you select the default Use the latest version for platform (X.Y.Z.NNNN). Depending on your preference, select to Upgrade Now or Use a Schedule for Upgrade and specify the time window when the upgrade will be performed. If you choose to use a schedule, the manager will upgrade the agent to the specified version once; it does not continue to upgrade the agent to future versions.
For more information on upgrading the Deep Security Virtual Appliance, see Upgrade the Deep Security Virtual Appliance.
The Deep Security Virtual Appliance uses the protection module plug-in software packages from an agent for 64-bit Red Hat Enterprise Linux. Use the Virtual Appliance Deployment option to select the version of the Red Hat Enterprise Linux Agent software that is deployed to any newly activated virtual appliances.
When the default item of Latest Available (Recommended) is selected, the software used is the latest version of imported agent software that is compatible with the latest version of the appliance software that is imported.
Versions of the agent software that pre-date the imported appliance do not appear in the list.
Sometimes you may not be able to update the agent software from the Deep Security Manager because of connectivity restrictions, or you may prefer to deploy updates using a third-party system. If so, you can update the agent software using an installer that you have copied to the computer.
Download the new agent software either from the Download Center, or by exporting it from the Deep Security Manager (see Get Deep Security Agent software). Then run the installer. Method varies by operating system.
Upgrade the agent on Windows
- Disable agent self-protection. To do this, on the Deep Security Manager, go to Computer editorTo open the Computer editor, go to the Computers page and double-click the computer that you want to edit (or select the computer and click Details). > Settings > General. In Agent Self Protection, and then either deselect Prevent local end-users from uninstalling, stopping, or otherwise modifying the Agent or enter a password for local override.
- Copy the agent installer to the computer.
- Run the agent installer. It will detect the previous agent and perform the upgrade.
Upgrade the agent on Linux
- Copy the agent installer to the computer.
- Run the following command:
rpm -U <new agent installer rpm>
(The "-U" argument instructs the installer to perform an upgrade.)
On Solaris 11, if you are upgrading from Deep Security Agent 9.0, you must first upgrade to Deep Security Agent 9.0.0-5616 or a later 9.0 agent, and from there, upgrade to Deep Security Agent 11.0. If you upgrade from an earlier build, the agent may fail to start. If this problem occurs, see Fix the upgrade issue on Solaris 11.
Due to the critical nature of workloads running on many Solaris Servers we recommend that you follow these best practices when upgrading:
- Test the upgrade procedure first in a staging environment before upgrading production servers.
- When upgrading production servers, upgrade one server at a time for the first few servers. Allow a soak period in between each server upgrade.
- After successfully upgrading a number of production server for each Solaris version, you can upgrade the remaining servers in groups.
- Go to Administration > Updates > Software > Download Center.
Get Deep Security Agent software.
For a mapping of Solaris versions to agent package names, see the Solaris-to-agent mapping table.
- Go to Computers.
- Find the computer that you want to upgrade.
Right-click the computer and select Actions > Upgrade Agent software.
The new agent software will be sent to the computer and the relay will be upgraded.
An upgrade on Solaris may take five minutes or longer to complete in some cases.
Alternatively, upgrade the agent manually.
Solaris 11, one zone (run in the global zone):
x86: pkg update -g file:///mnt/Agent-Solaris_5.11-9.x.x-xxxx.x86_64/Agent-Core-Solaris_5.11-9.x.x-xxxx.x86_64.p5p pkg:/security/ds-agent
SPARC: pkg update -g file:///mnt/Agent-Solaris_5.11-9.x.x-xxxx.x86_64/Agent-Solaris_5.11-9.x.x-xxxx.sparc.p5p pkg:/security/ds-agent
Solaris 11, multiple zones (run in the global zone):
pkgrepo create <path>
pkgrecv -s file://<dsa core p5p file location> -d <path> '*'
pkg set-publisher -g <path> trendmicro
pkg update pkg://trendmicro/security/ds-agent
pkg unset-publisher trendmicro
rm -rf <path>
Solaris 10: Create an installation configuration file named ds_adm.file with the following content, and then save it in the root directory. Next, run this command to install the package:
pkgadd -G -v -a /root/ds_adm.file -d Agent-Core-Solaris_5.10_U7-10.0.0-1783.x86_64.pkg
Content of ds_adm.file