Types of Deep Security updates from Trend Micro include:
Pattern updates: Used by Anti-Malware.
Rule updates: Used by:
- Intrusion Prevention
- Integrity Monitoring
- Log Inspection
(Application Control rule updates are created locally, based on your computers' software. They are not from Trend Micro.)
The Anti-Malware engine in agent
Trend Micro releases new rule updates every Tuesday, with additional updates as new threats are discovered. Information about the updates is available in the Trend Micro Threat Encyclopedia.
Deep Security Manager periodically connects to Trend Micro Update servers to check for updates to software:
- Deep Security Agent
- Deep Security Virtual Appliance
- Deep Security Manager
This check is based on the local inventory, not the Download Center. (There is a separate alert for new software on the Download Center.)
Deep Security only informs you of minor version updates of software, not major version updates.
For example, if you have Deep Security Agent 9.6.100, and Trend Micro releases 9.6.200, an alert will tell you that software updates are available. However, if 10.0.xxx (a major version difference) is released and you don't have any 10.0 agents, the alert will not appear (even though 10.0 is newer than 9.6.100).
When imported, software is stored in the Deep Security Manager database. Imported software is periodically replicated to relays.
Both software updates and security updates are digitally signed. In addition to automatic checks, if you want to manually validate the signatures or checksums, you can use external tools such as:
- sha256sum (Linux)
- Checksum Calculator (Windows)
- jarsigner (Java Development Kit (JDK); see Check digital signatures on software packages)
When security updates are viewed, used, or imported into the Deep Security Manager database (either manually or automatically, via scheduled task), the manager validates the signature. A correct digital signature indicates that the software is authentically from Trend Micro and hasn't been corrupted or tampered with. If the digital signature is invalid, the manager does not use the file. A warning is also recorded in log files such as server0.log:
WARNING: ThID:85|TID:0|TNAME:Primary|UID:1|UNAME:MasterAdmin|Verifying the signature failed.
com.thirdbrigade.manager.core.general.exceptions.FileNotSignedValidationException: "corrupted_rules.zip." has not been digitally signed by Trend Micro and cannot be imported.
If you manually import a security update package with an invalid digital signature, the manager also displays an error message.
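One way to surface these rejected imports from server0.log for alerting, as an added example that is not Trend Micro's code. It assumes each failure is logged as the WARNING line followed by the FileNotSignedValidationException line, as in the excerpt above; the sample log, including its INFO line and second failure, is constructed.

```python
import re

# Constructed sample in the format of the server0.log excerpt above. The INFO
# line and the second failure (ops_admin, old_update.zip) are made up.
SAMPLE_LOG = '''\
INFO: ThID:85|TID:0|TNAME:Primary|UID:1|UNAME:MasterAdmin|Import started.
WARNING: ThID:85|TID:0|TNAME:Primary|UID:1|UNAME:MasterAdmin|Verifying the signature failed.
com.thirdbrigade.manager.core.general.exceptions.FileNotSignedValidationException: "corrupted_rules.zip." has not been digitally signed by Trend Micro and cannot be imported.
WARNING: ThID:91|TID:0|TNAME:Primary|UID:2|UNAME:ops_admin|Verifying the signature failed.
com.thirdbrigade.manager.core.general.exceptions.FileNotSignedValidationException: "old_update.zip." has not been digitally signed by Trend Micro and cannot be imported.
'''

# Pipe-delimited context fields that precede the failure message.
HEADER = re.compile(
    r'^WARNING: ThID:(?P<thid>\d+)\|TID:(?P<tid>\d+)\|TNAME:(?P<tname>[^|]*)'
    r'\|UID:(?P<uid>\d+)\|UNAME:(?P<uname>[^|]*)\|Verifying the signature failed\.')
# The exception line names the rejected package in double quotes.
EXC = re.compile(r'FileNotSignedValidationException: "(?P<file>[^"]*)"')


def find_signature_failures(lines):
    """Return one dict per failed signature check, with the rejected file if logged."""
    failures = []
    pending = None  # latest failure still waiting for its exception line
    for line in lines:
        header = HEADER.match(line)
        if header:
            pending = {**header.groupdict(), "file": None}
            failures.append(pending)
            continue
        exc = EXC.search(line)
        if exc and pending is not None:
            # File name is kept exactly as logged (the excerpt shows a trailing period).
            pending["file"] = exc.group("file")
            pending = None
    return failures


if __name__ == "__main__":
    for f in find_signature_failures(SAMPLE_LOG.splitlines()):
        print(f"unsigned package {f['file']!r} rejected "
              f"(user={f['uname']}, uid={f['uid']}, thread={f['thid']})")
```

A failure whose exception line is missing is still reported, with `file` set to `None`, so a truncated log does not hide the event.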
Old security updates that aren't signed will fail validation if they are used, even if you successfully imported them in a previous version of Deep Security Manager that did not enforce signatures. For better protection, use new security updates instead. However, if you still require the old security updates, you can contact your support provider to request a file that is signed, and then manually import the security update.
Deep Security Agent also validates the digital signature, compares checksums (sometimes called hashes or fingerprints) and uses other, non-disclosed integrity methods.
Software checksums (also called hashes or fingerprints) are published on the Download Center. To view the SHA-256 hash, click the + button next to the software's name.