Upgrade Deep Security - overview

To ensure maximum protection, you must periodically upgrade your software and security rules and malware patterns. There are few categories of upgrade:

  • Software update: A 'software update' is a package of updated software. Trend Micro periodically releases software updates for the Deep Security Agent, Relay, and Manager. Distributing and installing an update involves few, if any, manual steps, and can be done from within Deep Security Manager.
  • Security update: A 'security update' is an update to the security rules and malware patterns that Deep Security uses to identify potential threats. See Get and distribute security updates.

Topics in this article:

How software updates are performed

Updates are performed as follows:

  1. Deep Security Manager periodically connects to Trend Micro update servers to check for available updates for the Deep Security Agent, and Deep Security Manager.

    Updated software packages are automatically imported into Deep Security as a Service and appear on the Administration > Updates > Software > Local page

  2. You upgrade your agents. (See Update the Deep Security Agent.) )

How to distribute software updates (relays)

Both software updates and security updates need to be distributed to your agents. The recommended way to retrieve and distribute the updates is to use a relay. A relay is a Deep Security Agent where you have enabled the relay feature. Relays update your agents more quickly, reduce manager load, and save internet connection or WAN bandwidth. For information on how to set up relays, see Distribute security and software updates with relays.

Alternatively, if you already have a web server, you can provide agent software updates via the web server instead of a relay-enabled agent. To do this, you must mirror the software repository of the relay-enabled agent on your web server. For more information on configuring your own software distribution web servers, see Use a web server to distribute software updates.

How to upgrade specific Deep Security components

After importing the software updates into Deep Security Manager, they are ready to be installed.

For more information on upgrading the Deep Security Agent and relays, see Update the Deep Security Agent.

How do agents validate the content of updates provided by the manager?

All security content has integrity validation performed on it using methods that include digital signatures and checksums as well as other non-disclosed methods.

If you are using manager-initiated communication, see