This section provides a scenario for regular updating of Kaspersky databases, software modules, and applications. After you complete the Configuring network protection scenario, you must maintain the reliability of the protection system to make sure that the Administration Servers and managed devices are kept protected against various threats, including viruses, network attacks, and phishing attacks.
Network protection is kept up-to-date by regular updates of the following:
When you complete this scenario, you can be sure of the following:
Prerequisites
The managed devices must have a connection to the Administration Server. If they do not have a connection, consider updating Kaspersky databases and software modules manually or directly from the Kaspersky update servers.
Administration Server must have a connection to the internet.
Before you start, make sure that you have done the following:
Updating Kaspersky databases and applications proceeds in stages:
There are several schemes that you can use to install updates for security applications. Choose the scheme or several schemes that meet the requirements of your network best.
This task is created automatically by Kaspersky Security Center quick start wizard. If you did not run the wizard, create the task now.
This task is required to download updates from Kaspersky update servers to the repository of the Administration Server, as well as to update Kaspersky databases and software modules for Kaspersky Security Center Linux. After the updates are downloaded, they can be propagated to the managed devices.
If your network has assigned distribution points, the updates are automatically downloaded from the Administration Server repository to the repositories of the distribution points. In this case, the managed devices included in the scope of a distribution point download the updates from the repository of the distribution point instead of the Administration Server repository.
How-to instructions: Creating the task for downloading updates to the repository of the Administration Server
By default, the updates are downloaded to the distribution points from the Administration server. You can configure Kaspersky Security Center Linux to download the updates to the distribution points directly from Kaspersky update servers. Download to the repositories of distribution points is preferable if the traffic between the Administration Server and the distribution points is more expensive than the traffic between the distribution points and Kaspersky update servers, or if your Administration Server does not have internet access.
When your network has assigned distribution points and the Download updates to the repositories of distribution points task is created, the distribution points download updates from Kaspersky update servers, and not from the Administration Server repository.
How-to instructions: Creating the task for downloading updates to the repositories of distribution points
When your network has assigned distribution points, make sure that the Deploy updates option is enabled in the properties of all required distribution points. When this option is disabled for a distribution point, the devices included in the scope of the distribution point download updates from the repository of the Administration Server.
You can optimize traffic between the Administration Server and the managed devices by using diff files. When this feature is enabled, the Administration Server or a distribution point downloads diff files instead of entire files of Kaspersky databases or software modules. A diff file describes the differences between two versions of a file of a database or software module. Therefore, a diff file occupies less space than an entire file. This results in decrease in the traffic between the Administration Server or distribution points and the managed devices. To use this feature, enable the Download diff files option in the properties of the Download updates to the Administration Server repository task and/or the Download updates to the repositories of distribution points task.
How-to instructions: Using diff files for updating Kaspersky databases and software modules
Create the Update tasks for the managed applications to provide timely updates to the software modules and Kaspersky databases, including anti-virus databases. To ensure timely updates, we recommend that you select the When new updates are downloaded to the repository option when configuring the task schedule.
If your network includes IPv6-only devices, and you want to regularly update the security applications installed on these devices, make sure that the Administration Server version 13.2 or a later version and the Network Agent version 13.2 or a later version are installed on managed devices.
If an update requires reviewing and accepting the terms of the End User License Agreement, then you first need to accept the terms. After that the update can be propagated to the managed devices.
By default, the downloaded software updates have the Undefined status. You can change the status to Approved or Declined. The approved updates are always installed. If an update of a managed Kaspersky application requires reviewing and accepting the terms of the End User License Agreement, then you first need to accept the terms. After that the update can be propagated to the managed devices. The updates for which you set Declined status will not be installed on devices. If a declined update for a managed application was previously installed, Kaspersky Security Center Linux will try to uninstall the update from all devices.
Approving and declining updates is available only for Network Agent and managed Kaspersky applications installed on Windows-based client devices. Seamless updating of Administration Server, Kaspersky Security Center Web Console, and management web plug-ins is not supported.
How-to instructions: Approving and declining software updates
Results
Upon completion of the scenario, Kaspersky Security Center Linux is configured to update Kaspersky databases after the updates are downloaded to the repository of the Administration Server. You can then proceed to monitoring the network status.
Page top