Apply security updates
To remain effective at identifying new threats, your Deep Security Agents need periodic security updates.
- Initiate security updates
- Check your security update status
- View details about pattern updates
- Revert, import, or view details about rule updates
- Configure security updates
Instead of manually checking for updates, configure Deep Security Manager to automatically check for security updates via a scheduled task. See Schedule Deep Security to perform tasks.
You can manually initiate security updates at any time, regardless of scheduled tasks.
- To get security updates on one agent, go to Computers, select the agent, then right-click and select Actions > Download Security Update.
To view the status of your security updates, go to Administration > Updates > Security.
- Trend Micro Update Server: Indicates whether relays can connect to Trend Micro ActiveUpdate to check for the latest security updates.
Deep Security: Indicates when the last successful check and download were performed, and when the next scheduled check will be performed. All Relays are in sync indicates that all relays are distributing the latest successfully downloaded pattern updates.
Out-of-sync status usually indicates that the relay cannot connect to Trend Micro Update Servers. Usually, this is not normal. You should fix network connectivity problems. In "air-gapped" deployments, however, network isolation is intentional; you must provide updates manually.
- Computers: Indicates whether any computers are out-of-date compared to the pattern updates currently on the relays. To tell all computers to get the latest pattern updates from their assigned relays, click Send Patterns to Computers.
To view a list of the components in an Anti-Malware pattern update, go to Administration > Updates > Security > Patterns. This page is displayed only when Deep Security has an active relay.
- Component: The type of update component.
- For Use By: The Deep Security product this component is intended for.
- Platform: The operating system for which the update is intended.
Current Version: The version of the component currently being distributed by the Deep Security Relays.To check which security update component version is being used on a protected computer, go to Computers, double-click the computer, and then select Updates.
- Last Updated: When the current security update was downloaded from Trend Micro.
To view a list of the most recent Intrusion Prevention, Integrity Monitoring, and Log Inspection Rules that have been downloaded into the Deep Security Manager database, go to Administration > Updates > Security > Rules.
From there you can:
View details about a rule update: Select a rule update and click View. Details include a list of the update's specific rules.
To check which rule update version a relay is distributing, go to Computers, double-click the relay, and then select Security Updates. If Anti-Malware is enabled for that computer, it also displays the computer's pattern version.
Roll back a rule update: If a recent rule update has caused problems, you can revert to a previous rule version. Select the rule update that you want to revert to and then click Rollback. Deep Security Manager generates a preview change summary so that you can confirm results before finalizing.
All policies affected by the reverted rules will be immediately updated on all computers using those policies.
- Reapply the current rule set: indicates that a rule update has been applied. To reapply that rule update to protected computers, right-click the rule update and click Reapply.
Import a rule update: Normally, rule updates are imported either manually or automatically (via scheduled task). However, if your deployment has no connectivity to the Trend Micro Update servers on the Internet (an "air-gapped" deployment), or if you are asked to do so by your support provider, you can click this button to manually upload and import a security update package.
- Export a rule update: Normally, you should not need to export a rule update unless your support provider asks you.
Delete a rule update: Removes the selected rule update from the Deep Security Manager database.
To limit the number of rule updates that are kept in the Deep Security Manager database, go to Administration > System Settings > Storage .
Security update packages must have a valid digital signature. If you try to view or use an invalid package (including old security updates that don't have a signature), then the manager displays an error message. See How Deep Security validates update integrity.
You can make the following configurations:
- Enable automatic patches for rules
- Enable automatic Anti-Malware engine updates
- Enable security updates for older agents
- Change the alert threshold for late security updates
Trend Micro sometimes updates an existing Deep Security rule to improve performance or fix a bug. To automatically apply these patches, go to Computer or Policy editorYou can change these settings for a policy or for a specific computer. To change the settings for a policy, go to the Polices page and double-click the policy that you want to edit (or select the policy and click Details). To change the settings for a computer, go to the Computers page and double-click the computer that you want to edit (or select the computer and click Details). > Settings > General and in the Send Policy Changes Immediately area, select Automatically apply Rule Updates to Policies. If it's not selected, you must manually apply downloaded rule updates to policies: go to Administration > Updates > Security and click Apply Rules to Policies.
By default, when you update Deep Security Agent software, then its Deep Security Anti-Malware engine is updated together with it. If you don't update software often, then over time, the Anti-Malware engine might become much older than the malware patterns it uses (which should be frequently updated).
For better protection, you can configure agents to automatically keep the Anti-Malware engine part of the software updated — an approach more similar to the security updates that it uses.
- Go to Computers or Policies.
- Double-click a computer or policy.
- Go to Settings > Engine Update.
For Automatically update anti-malware engine, select Yes .
If this setting is disabled, then on Computer Details > Updates > Advanced Threat Scan Engine, the Is Latest section displays "N/A".
For some platforms, Deep Security Manager20 supports older versions. See Deep Security Agent platforms.
By default, to conserve disk space, Deep Security Relay will not download and distribute security updates for these older agents. To enable security updates for them, go to Administration > System Settings > Updates. Select Allow supported 8.0 and 9.0 Agents to be updated.
Deep Security Agent 8.0 is no longer supported. This check box only applies to the 9.0 agent.
If an update has been downloaded from Trend Micro and available for some time, but computers are not updated yet, an alert occurs. For rule updates, by default, the limit is 30 minutes. For pattern updates, by default, the limit is 1 hour.
If you want to change the time limit for the alert, go to Administration > System Settings > Alerts and configure Length of time an Update can be pending before raising an Alert.