Kaspersky Embedded Systems Security for Windows database and software modules updating schemes
The choice of update source in update tasks depends on the update scheme for databases and software modules used in the organization.
Kaspersky Embedded Systems Security for Windows databases and modules can be updated on the protected devices using the following schemes:
- Download updates directly from the Internet to each protected device (Scheme 1).
- Download updates from the Internet to an intermediate device and distribute updates to protected devices from that device.
Any device with the software listed below installed can serve as an intermediate device:
- Kaspersky Embedded Systems Security for Windows (Scheme 2).
- Kaspersky Security Center Administration Server (Scheme 3).
Updating using an intermediate device not only reduces Internet traffic, but also provides additional network protected device security.
- Download database updates to each protected device via a secure removable drive (scheme 4).
The update schemes listed are described below.
Scheme 1. Updating databases and modules directly from the Internet
To configure Kaspersky Embedded Systems Security for Windows updates directly from the Internet:
on each protected device in the settings of the Database Update task and the Software Modules Update task, specify Kaspersky's update servers as the source of updates.
Other HTTP or FTP servers that have an update folder can be configured as the update source.
Scheme 1: Updating databases and modules directly from the Internet
Scheme 2. Updating databases and modules via one of the protected devices
To configure Kaspersky Embedded Systems Security for Windows updates via one of the protected devices:
- Copy updates to the selected protected device.
- Configure the Copying Updates task settings on the selected protected device:
- Specify Kaspersky's update server as the update source.
- Specify a shared folder to be used as the folder where updates are saved.
We recommend to deny access to the shared folder for relaying updates to all user groups on the device with the shared folder, except for the Administrators and SYSTEM groups. We recommend to grant the Administrators group read, view, and run rights, and grant full access to the SYSTEM group.
- Configure the Copying Updates task settings on the selected protected device:
- Distribute updates to other protected devices.
- On each of the protected devices, configure the Application Database Update and Software Module Updates tasks.
- For the update source, specify a folder on the intermediate device's drive to which updates will be downloaded.
- Specify the folder where the updates will be saved.
We recommend to deny access to the folder where updates are saved for all device user groups except for the Administrators and SYSTEM groups. We recommend to grant the Administrators group read, view, and run rights, and grant full access to the SYSTEM group.
- On each of the protected devices, configure the Application Database Update and Software Module Updates tasks.
Kaspersky Embedded Systems Security for Windows will obtain updates via one of the protected devices.
Scheme 2: Updating databases and modules via one of the protected devices
Scheme 3. Updating databases and modules via Kaspersky Security Center Administration Server
If you are using Kaspersky Security Center to centrally manage antivirus protection for devices, you can download updates via the Kaspersky Security Center Administration Server installed on your local network.
Scheme 3: Updating databases and modules via Kaspersky Security Center Administration Server
To configure Kaspersky Embedded Systems Security for Windows updates via the Kaspersky Security Center Administration Server:
- Install the Network Agent on each of the protected devices. The Network Agent is a software component included in the Kaspersky Security Center distribution kit. This ensures interaction between the Administration Server and Kaspersky Embedded Systems Security for Windows on the protected device. Detailed information about Network Agent and its configuration using Kaspersky Security Center is provided in the Kaspersky Security Center Help.
- Download updates from Kaspersky update servers to Kaspersky Security Center Administration Server.
- Configure the Retrieve Updates by Administration Server task for the specified set of protected devices:
- Specify Kaspersky's update server as the update source.
- Configure the Retrieve Updates by Administration Server task for the specified set of protected devices:
- Distribute updates to protected devices. To do so, perform one of the following actions:
- On the Kaspersky Security Center configure an Anti-Virus database (application module) update group task to distribute updates to protected devices:
- In the task schedule specify After Administration Server has retrieved updates as the start frequency.
Administration Server will start the task each time it receives updates (recommended method).
The After Administration Server has retrieved updates start frequency cannot be specified in the Application Console.
- In the task schedule specify After Administration Server has retrieved updates as the start frequency.
- On each protected device, configure the Database Update task and the Software Modules Update task:
- Specify the Kaspersky Security Center Administration Server as the update source.
- Configure the task schedule if necessary.
If Kaspersky Embedded Systems Security for Windows anti-virus databases are rarely updated (from once a month to once a year), the likelihood of detecting threats decreases and the frequency of false alarms raised by application components increases.
- On the Kaspersky Security Center configure an Anti-Virus database (application module) update group task to distribute updates to protected devices:
Kaspersky Embedded Systems Security for Windows will obtain updates via the Kaspersky Security Center Administration Server.
Scheme 4. Updating application databases from a secure removable drive
To update Kaspersky Embedded Systems Security for Windows databases from a secure removable drive:
- Connect a Rutoken removable drive to the protected computer.
- Add an allow rule to the Device Control task for the connected Rutoken removable drive.
- In the Application Console on the device for which the most up-to-date antivirus databases are available, start, configure, and run the Secure Application Database Copy task. Select a Rutoken removable drive as the secure removable drive.
- In the Application Console on the protected device where you need to update the application databases, start and run the Secure Application Database Update task. Select the connected Rutoken removable drive you copied the application databases to as the secure removable drive.
Kaspersky Embedded Systems Security for Windows will receive the updated application databases from the Rutoken secure removable drive.