Creating the Perform Windows Update synchronization task

Expand all | Collapse all

The Perform Windows Update synchronization task is only available under the Vulnerability and Patch Management license.

The features provided under the Vulnerability and Patch Management license are only available in MMC-based Administration Console, and Kaspersky Security Center 12.2 Web Console or later versions.

The Perform Windows Update synchronization task is required if you want to use the Administration Server as a WSUS server. In this case, the Administration Server downloads Windows updates to the database, and provides the updates to Windows Update on client devices, in the centralized mode through Network Agents. If the network does not use a WSUS server, each client device downloads Microsoft updates from external servers independently.

The Perform Windows Update synchronization task only downloads metadata from Microsoft servers. Kaspersky Security Center downloads the updates when you run an update installation task and only those updates that you select for installation.

Microsoft regularly deletes outdated updates from the company's servers so the number of current updates is always between 200 000 and 300 000. In Kaspersky Security Center 10 Service Pack 2 Maintenance Release 1 and earlier versions, all updates were retained: no outdated updates were deleted. As a result, the database continuously grew in size. To reduce disk space usage and database size, deletion of outdated updates that are no longer present on Microsoft update servers has been implemented in Kaspersky Security Center 10 Service Pack 3.

When running the Perform Windows Update synchronization task, the application receives a list of current updates from a Microsoft update server. Next, Kaspersky Security Center compiles a list of updates that have become outdated. At the next start of the Find vulnerabilities and required updates task, Kaspersky Security Center flags all outdated updates and sets the deletion time for them. At the next start of the Perform Windows Update synchronization task, all updates flagged for deletion 30 days ago are deleted. Kaspersky Security Center also checks for outdated updates that were flagged for deletion more than 180 days ago, and then deletes those older updates.

When the Perform Windows Update synchronization task completes and outdated updates are deleted, the database may still have the hash codes pertaining to the files of deleted updates, as well as corresponding files in the %AllUsersProfile%\Application Data\KasperskyLab\adminkit\1093\.working\wusfiles files (if they were downloaded earlier). You can run the Administration Server maintenance task to delete these outdated records from the database and corresponding files.

To create the Perform Windows Update synchronization task:

  1. In the main application window, go to DEVICESTASKS.
  2. Click Add.

    The Add Task Wizard starts. Proceed through the Wizard by using the Next button.

  3. For the Kaspersky Security Center application, select the Perform Windows Update synchronization task type.
  4. Specify the name for the task that you are creating. A task name cannot be more than 100 characters long and cannot include any special characters ("*<>?\:|).
  5. Enable the Download express installation files option if you want the express update files to be downloaded when running the task.

    When Kaspersky Security Center synchronizes updates with Microsoft Windows Update Servers, information about all files is saved in the Administration Server database. All files required for an update are also downloaded to the drive during interaction with the Windows Update Agent. In particular, Kaspersky Security Center saves information about express update files to the database and downloads them when necessary. Downloading express update files leads to decreased free space on the drive.

    To avoid a decrease in disk space volume and to reduce traffic, disable the Download express installation files option.

  6. Select the applications for which you want to download updates.

    If the All applications check box is selected, updates will be downloaded for all existing applications, and for all applications that may be released in the future.

  7. Select the categories of updates that you want to download to the Administration Server.

    If the All categories check box is selected, updates will be downloaded for all existing updates categories, and for all categories that may appear in the future.

  8. Select the localization languages for the updates that you want to download to the Administration Server. Select one of the following options:
    • Download all languages, including new ones
    • Download selected languages
  9. Specify which account to use when running the task. Select one of the following options:
    • Default account
    • Specify account
  10. If on the Finish task creation page you enable the Open task details when creation is complete option, you can modify the default task settings. If you do not enable this option, the task is created with the default settings. You can modify the default settings later, at any time.
  11. Click the Finish button.

    The task is created and displayed in the list of tasks.

  12. To open the task properties window, click the name of the created task.
  13. In the task properties window, specify the general task settings according to your needs.
  14. Click the Save button.

The task is created and configured.

See also:

Scenario: Finding and fixing third-party software vulnerabilities

Scenario: Updating third-party software

Page top