About upgrades

To ensure maximum protection, upgrade your software, security rules and malware patterns when updates are available. Upgrade types include:

Relays distribute both software updates and security updates to your agents. Software updates (but not security updates) can alternatively be distributed by a local mirror web server.

All Deep Security Relays must be upgraded before upgrading the Deep Security Agent. Failure to do so may cause the relay upgrade to fail.

In this topic:

How agents validate the integrity of updates

All security updates are verified for integrity by Deep Security using methods that include digital signatures and checksums (hashes) as well as other, non-disclosed methods. Software updates are digitally signed.

If you want to manually validate signatures or the checksums available on the Download Center, you can also use a tool such as:

  • sha256sum (Linux)
  • Checksum Calculator (Windows)
  • jarsigner (Java Development Kit (JDK))

For example, you could enter this command to verify a download's signature:

jarsigner -verify <filename>.zip

How Deep Security Manager checks for software updates

Deep Security Manager periodically connects to Trend Micro update servers to check for updates to software, such as:

  • Deep Security Agent
  • Deep Security Manager

The check is made against the local inventory, not against what is available on the Download Center. (There is a separate alert for new software on the Download Center.)

Deep Security will only inform you of minor version updates-not major-of software.
For example, if you have agent version 9.6.100, and Trend Micro releases agent version 9.6.200, an alert will tell you that software updates are available. However, if Trend Micro then releases agent version 10.0.xxx (a major version difference) and you don't have any 10.0 agents in the database, no alert will appear (even though 10.0is newer than 9.6.100).

Updated software packages are automatically imported into Deep Security as a Service and appear on Administration > Updates > Software > Local.