Database updates

The File Threat Protection databases are kept up to date to ensure the maximum level of containerized object protection against file threats. Updates run automatically on a schedule or on demand.

When a new agent is deployed, the solution updates and then applies the updated File Threat Protection databases.

The databases are updated from the Kaspersky Container Security update server. You can use Kaspersky Update Utility to set up database and component updates from a shared directory on the corporate LAN. To do this, a device on the corporate LAN must receive update packages from Kaspersky update servers and use the utility to copy the packages to the shared directory. The other devices on the corporate LAN will be able to pull the update package from the shared directory.

When the solution is deployed in a public corporate network, an update is performed directly from the update server. When installing the solution in a private corporate network, the updated File Threat Protection databases are added to the kcs-updates container for subsequent running and updating.

Applying updated databases to a running agent does not violate active runtime protection of nodes. Database updates are recorded in the event log.

If an error occurs while updating the databases, the solution cancels the File Threat Protection updates and continues using the previously installed databases. Errors that occur during the update are logged to the events.db file located in the node-agent pod.

The events.db file is available if File Threat Protection is enabled for the group of agents.