Security and software updates
To ensure maximum protection you must keep your Software and Security Rules and Patterns up to date. The Updates tab on the Administration > System Settings page allows you to set the location where Deep Security Manager checks for updates. To see the status of current updates, go to the Administration > Updates page.
Primary Security Update Source
- Trend Micro Update Server: Connect to the default Trend Micro Update Server.
- Other Update Source: If you were given an alternative source for updates, enter the URL here including "http://"
or "https://". (SSL connections are supported.)
- Allow Agents/Appliances to download Pattern Updates from Primary Update Source if Relays are not available: If an agent/applianceThe Deep Securty Agent and Deep Security Virtual Appliance are the components that enforce the Deep Security policies that you have defined. Agents are deployed directly on a computer. Appliances are used in VMware vSphere environments to provide agentless protection. They are not available with Deep Security as a Service. cannot communicate with the Relay, it will download pattern files directly from the Trend Micro Update Server (or other update source).
- Allow Agents/Appliances to download Pattern Updates when Deep Security Manager is not accessible: Normally, the Deep Security Manager instructs Agents/Appliances to download Pattern Updates. When this option is selected, even though an Agent cannot communicate with the Deep Security Manager, it will continue to download updates from its configured source.
- Automatically Apply Rule Updates to Policies: With this option selected, newly downloaded Security Rule Updates will automatically be applied to Deep Security Policies. If this option is not selected, you will have to manually apply downloaded Rule Updates to Policies from the Administration > Updates > Security page by clicking on the Apply Rules to Policies button.
By default, changes to Policies are automatically applied to computers. You can change this behavior by opening a Computer or Policy editorYou can change these settings for a policy or for a specific computer. To change the settings for a policy, go to the Polices page and double-click the policy that you want to edit (or select the policy and click Details). To change the settings for a computer, go to the Computers page and double-click the computer that you want to edit (or select the computer and click Details). > Settings > General window and changing the Automatically send Policy changes to computers setting in the Send Policy Changes Immediately area.
- Support 9.0 (and earlier) Agents: Deep Security Security Update packages in versions 9.5 and later are in a different format than those from Deep Security 9.0 and earlier. If you are not running any Deep Security 9.0 Agents or Appliances, you should uncheck this option so you are not downloading unnecessary content.
- Download Patterns for all Regions: If this option is unchecked, a Relay will only download and distribute Patterns for the region (locale) the Deep Security manager was installed in. If you are operating in Multi-Tenancy mode and any of your Tenants are running their Deep Security installations in regions other than your own, you should keep this option checked.
- Use the Primary Tenant Relay Group as my Default Relay Group (for unassigned Relays): By default, the Primary Tenant gives Tenants access to the its Relays, which means that Tenants do not need to set up their own Relays for security updates. If you do not want your Tenant environment to use those shared Relays, deselect this option and set up dedicated Relays for this Tenant.
If your Primary Tenant has chosen to not share their Default Relay group, when you click Administration > Updates > Relay Groups, the Relay Group Name will be "Default Relay Group" rather than "Primary Tenant Relay Group", and you will need to set up your own dedicated Relays.This setting appears only if you have enabled Multi-Tenant mode.
Trend Micro Download Center
Does not apply to Deep Security as a Service
- Automatically download updates to imported software: Select this option to automatically download updates to any software that you have already imported to Deep Security. This setting will download the software to the Deep Security but will not automatically update your Agent or Appliance software.
Updating the Deep Security software on your computers must be done manually by either selecting the computer(s) on the Computers page and selecting Upgrade Agent from the Actions menu, or by opening the Computer editorTo open the Computer editor, go to the Computers page and double-click the computer that you want to edit (or select the computer and click Details)., going to Overview > Actions > Software and clicking Upgrade Agent .
- Allow Relays to download software updates from Trend Micro Download Center when Deep Security Manager is not accessible: Select this option to enable Relays to download software updates directly from the Trend Micro Download Center when they cannot connect to the Deep Security Manager. This option is useful when your Deep Security Manager is in an enterprise environment and you are managing computers in a cloud environment. If you enable this option and configure a Relay in the cloud, the Relay will be able to get software updates directly from the Download Center, removing the need for manual software upgrades or opening port numbers into your enterprise environment from the cloud.
Alternate software update distribution server(s) to replace Deep Security Relays:
Deep Security Relays are usually used to host Agent Software Updates. However, you can optionally use your own web servers to distribute Agent software packages. To use your own web servers for software distribution, enter the URL to the directory hosting the software.
Virtual Appliance Version Control
Does not apply to Deep Security as a Service
The Deep Security Virtual Appliance uses the same Protection Module plug-in software packages as the 64-bit Red Hat Enterprise Linux Agent. Upon activation of the Virtual Appliance, Deep Security will check the inventory of imported software for the latest version of the Red Hat Enterprise Linux Agent to see if there are updates available. You can use this control to manage the version of the Red Hat Enterprise Linux Agent software that will be used to update any newly activated Virtual Appliances.