About upgrades

To ensure maximum protection, upgrade your software, security rules and malware patterns when updates are available. Upgrade types include:

Relays distribute both software updates and security updates to your agents and virtual appliances. Software updates (but not security updates) can alternatively be distributed by a local mirror web server.

All Deep Security Relays must be upgraded before upgrading the Deep Security Agent. If you do not upgrade your relays first, security component upgrades and software upgrades may fail. See Upgrade the Deep Security Relay for details.

In this topic:

How agents validate the integrity of updates

All security updates are verified for integrity by Deep Security using methods that include digital signatures and checksums (hashes) as well as other, non-disclosed methods. Software updates are digitally signed.

If you want to manually validate signatures or the checksums available on the Download Center, you can also use a tool such as:

  • sha256sum (Linux)
  • Checksum Calculator (Windows)
  • jarsigner (Java Development Kit (JDK))

For example, you could enter this command to verify a download's signature:

jarsigner -verify <filename>.zip

How Deep Security Manager checks for software upgrades

Deep Security Manager periodically connects to Trend Micro update servers to check for updates to software that you have imported into the Deep Security Manager database, such as:

  • Deep Security Agent
  • Deep Security Virtual Appliance
  • Deep Security Manager

The check is made against the local inventory, not against what is available on the Download Center. (There is a separate alert for new software on the Download Center.)

Deep Security will only inform you of minor version updates-not major-of software.
For example, if you have agent version 9.6.100, and Trend Micro releases agent version 9.6.200, an alert will tell you that software updates are available. However, if Trend Micro then releases agent version 10.0.xxx (a major version difference) and you don't have any 10.0 agents in the database, no alert will appear (even though 10.0is newer than 9.6.100).

An alert on the manager will notify you that software updates are available. The "Trend Micro Download Center" section on Administration > Updates > Software also indicates whether there are updates available. Once you import (download) software into the Deep Security Manager database, you can upgrade the software in your deployment. See Upgrade the Deep Security Agent and Upgrade the Deep Security Virtual Appliance.

To see all software packages that are available for download (even if you haven't imported it before), go to Administration > Updates > Software > Download Center.

To determine when the last check was performed, whether it was successful, or to manually initiate a check for updates, go to Administration > Updates > Software and view the "Deep Security" section. If you have configured a scheduled task to check for updates, the date and time of the next scheduled check is also listed here. See Schedule Deep Security to perform tasks

When imported, software is stored in the Deep Security Manager database. Imported software is periodically replicated to relay-enabled agents.