Update Deep Security software

To ensure maximum protection, keep your Deep Security Agent up to date.

Topics in this article:

How updates are performed

Updates are performed as follows:

  1. Deep Security Manager periodically connects to Trend Micro update servers to check for available updates for the Deep Security Agent, and Deep Security Manager.

    Updated software packages are automatically imported into Deep Security as a Service and appear on the Administration > Updates > Software > Local page

  2. You upgrade your agents. (See Initiate an upgrade or Upgrade agents following an alert. )

Determine how to distribute the software updates

Deep Security software updates are normally hosted and distributed by relay-enabled agents. Relays update your agents more quickly, reduce manager load, and save internet connection or WAN bandwidth. For information on how to set up relays, see Distribute security and software updates with relays.

Alternatively, if you already have a web server, you can provide software updates via the web server instead of a relay-enabled agent. To do this, you must mirror the software repository of the relay-enabled agent on your web server. For more information on configuring your own software distribution web servers, see Use a web server to distribute software updates.

Upgrade agents following an alert

When a new agent is available, the following alert appears on the Alerts page:

  1. In the alert, click Show Details and click the link, View all out-of-date computers.
    The Computers page opens with all computers showing a Software Update Status of Out-of-Date.
  2. Follow the instructions for initiating an agent upgrade, below.

Initiate an upgrade

We recommend that you upgrade at time when server demand is low.

The "Computers" section of the Administration > Updates > Software page indicates whether any computers are running agents for which updates are available. The check is only performed against software that has been imported into Deep Security, not against software available from the Download Center. If any computers are out of date, use one of the following methods to upgrade them:

  • To upgrade all out-of-date computers, click the Upgrade Agent / Appliance Software button.
  • To upgrade a specific agent computer or appliance image, go to the Computers page, select the computers that you want to upgrade, and click Actions > Upgrade Agent Software. You will be prompted to select the Agent Version. We recommend that you select the default Use the latest version for platform (X.Y.Z.NNNN). Depending on your preference, select to Upgrade Now or Use a Schedule for Upgrade and specify the time window when the upgrade will be performed. If you choose to use a schedule, the manager will upgrade the agent to the specified version once; it does not continue to upgrade the agent to future versions.
In rare circumstances, the computer may require a reboot to complete the upgrade. If this is the case, an alert will be triggered. To find out right away whether a reboot is required, check the text of the Agent Software Upgraded event to see if the platform installer indicated that a reboot is required. The Reboot Required alert must be dismissed manually, it will not be dismissed automatically.