Verifying downloaded updates

Expand all | Collapse all

Before installing updates to the managed devices, you can first check the updates for operability and errors through the Update verification task. The Update verification task is performed automatically as part of the Download updates to the Administration Server repository task. The Administration Server downloads updates from the source, saves them in the temporary repository, and runs the Update verification task. If the task completes successfully, the updates are copied from the temporary repository to the Administration Server shared folder. They are distributed to all client devices for which the Administration Server is the source of updates.

If, as a result of the Update verification task, updates located in the temporary repository are incorrect or if the Update verification task completes with an error, such updates are not copied to the shared folder. The Administration Server retains the previous set of updates. Also, the tasks that have the When new updates are downloaded to the repository schedule type are not started then. These operations are performed at the next start of the Download updates to the Administration Server repository task if scanning of the new updates completes successfully.

A set of updates is considered invalid if any of the following conditions is met on at least one test device:

• An update task error occurred.
• The real-time protection status of the security application changed after the updates were applied.
• An infected object was detected during running of the on-demand scan task.
• A runtime error of a Kaspersky application occurred.

If none of the listed conditions is true for any test device, the set of updates is considered valid, and the Update verification task is considered to have completed successfully.

Before you start to create the Update verification task, perform the prerequisites:

1. Create an administration group with several test devices. You will need this group to verify the updates.

   We recommend using devices with the most reliable protection and the most popular application configuration across the network. This approach increases the quality and probability of virus detection during scans, and minimizes the risk of false positives. If viruses are detected on test devices, the Update verification task is considered unsuccessful.

2. Create two tasks for Kaspersky Endpoint Security for Windows: Update and Virus Scan. You will need them to create the Update verification task. This task sequentially runs the Update and Virus Scan tasks on test devices to check that all updates are valid.

   When creating the Update and Virus Scan tasks, specify the administration group with the test devices.

To make Kaspersky Security Center verify downloaded updates before distributing them to client devices:

1. In the main menu, go to DEVICES → TASKS.
2. Click the Download updates to the Administration Server repository task.
3. In the task properties window that opens, in the Application settings tab, click the Configure button next to Run update verification.
4. In the Update verification window that opens, enable the Run update verification option.
5. If the Update verification task exists, click the Edit link. In the window that opens, select the Update verification task in the administration group with test devices.
6. If you did not create the Update verification task earlier, do the following:
   1. Click the New task button.
   2. In the Add Task Wizard that opens, specify the task name if you want to change the preset name.
   3. Select the administration group with test devices, which you created earlier.
   4. First, select the Update task of Kaspersky Endpoint Security for Windows, and then select the Virus Scan task.

      After that, the following options appear. We recommend leaving them enabled:

      • Restart the device after database update

        After anti-virus databases are updated on a device, we recommend rebooting the device.

        By default, the option is enabled.

      • Check real-time protection status after database update and device restart

        If this option is enabled, the Update verification task checks whether updates downloaded to the Administration Server repository are valid, and if the protection level decreased after the anti-virus database update and device restart.

        By default, this option is enabled.

   5. Specify an account from which the Update verification task will be run. You can use your account and leave the Default account option enabled. Alternatively, you can specify that the task should be run under another account that has the necessary access rights. To do this, select the Specify account option, and then enter the credentials of that account.
7. Click Save to close the properties window of the Download updates to the Administration Server repository task.

The automatic update verification is enabled. Now, you can run the Download updates to the Administration Server repository task, and it will start from update verification.

See also: Scenario: Regular updating Kaspersky databases and applications

Page top