Update the Deep Security Agent

Software updates can be initiated via the Deep Security Manager, manually, or a third-party deployment system.

If your environment includes Deep Security Agents installed on Linux computers, you can choose to automatically upgrade those agents to the latest software version that's compatible with Deep Security as a Service when the agent is activated or reactivated. For details, see Automatically upgrade agents on activation.

All Deep Security Relays must be upgraded before upgrading the Deep Security Agent. Failure to do so may cause the relay upgrade to fail.

In this topic:

Update available notifications

When a new agent software version is available, a message appears on Alerts.

  1. In the alert, click Show Details and then click View all out-of-date computers.
    Computers opens with all computers showing a Software Update Status of Out-of-Date.
  2. Continue with Initiate an agent update or Manually upgrade the agent.

Initiate an agent update

Upgrade when the server is less busy.

On Administration > Updates > Software, the "Computers" section indicates whether any computers are running agents for which updates are available. The check is only performed against software that has been imported into Deep Security, not against software available from the Download Center. If any computers are out of date, either:

  • To upgrade all out-of-date computers, click Upgrade Agent / Appliance Software.
  • To upgrade a specific agent computer:
    1. Go to Computers , select the computers that you want to upgrade, and click Actions > Upgrade Agent Software.
    2. In the dialog box that appears, select the Agent Version. We recommend that you select the default Use the latest version for platform (X.Y.Z.NNNN). Click Next.

The Task(s) column on the Computers page indicates whether a computer requires a reboot to complete an agent upgrade. When the computer is in this state, it is still being protected by the older version of the Deep Security Agent. You can also create a Smart Folder that lists the computers that require a reboot. Set the Smart Folder to filter for a "Task(s)" property that contains "Reboot". (See Group computers dynamically with smart folders.)

Manually upgrade the agent

Sometimes you may not be able to update the agent software from the Deep Security Manager because of connectivity restrictions, or you may prefer to deploy updates using a third-party system. If so, you can update the agent software using an installer that you have copied to the computer.

Download the new agent software either from the Download Center, or by exporting it from the Deep Security Manager (see Get Deep Security Agent software). Then run the installer. Method varies by operating system.

Upgrade the agent on Windows

  1. Disable agent self-protection. To do this, on the Deep Security Manager, go to Computer editorTo open the Computer editor, go to the Computers page and double-click the computer that you want to edit (or select the computer and click Details). > Settings > General. In Agent Self Protection, and then either deselect Prevent local end-users from uninstalling, stopping, or otherwise modifying the Agent or enter a password for local override.
  2. Copy the agent installer to the computer.
  3. Run the agent installer. It will detect the previous agent and perform the upgrade.

Upgrade the agent on Linux

  1. Copy the agent installer to the computer.
  2. Run the following command:
    rpm -U <new agent installer rpm>

(The "-U" argument instructs the installer to perform an upgrade.)