Verifying downloaded updates
Dec 4, 2023
Before installing updates to the managed devices, you can first check the updates for operability and errors through the Update verification task. The Update verification task is performed automatically as part of the Download updates to the Administration Server repository task. The Administration Server downloads updates from the source, saves them in the temporary repository, and runs the Update verification task. If the task completes successfully, the updates are copied from the temporary repository to the Administration Server shared folder. They are distributed to all client devices for which the Administration Server is the source of updates.
If, as a result of the Update verification task, updates located in the temporary repository are incorrect or if the Update verification task completes with an error, such updates are not copied to the shared folder. The Administration Server retains the previous set of updates. Also, the tasks that have the When new updates are downloaded to the repository schedule type are not started then. These operations are performed at the next start of the Download updates to the Administration Server repository task if scanning of the new updates completes successfully.
A set of updates is considered invalid if any of the following conditions is met on at least one test device:
- An update task error occurred.
- The real-time protection status of the security application changed after the updates were applied.
- An infected object was detected during running of the on-demand scan task.
- A runtime error of a Kaspersky application occurred.
If none of the listed conditions is true for any test device, the set of updates is considered valid, and the Update verification task is considered to have completed successfully.
Before you start to create the Update verification task, perform the prerequisites:
- Create an administration group with several test devices. You will need this group to verify the updates.
We recommend using devices with the most reliable protection and the most popular application configuration across the network. This approach increases the quality and probability of virus detection during scans, and minimizes the risk of false positives. If viruses are detected on test devices, the Update verification task is considered unsuccessful.
- Create the update and malware scan tasks for an application supported by Kaspersky Security Center, for example, Kaspersky Endpoint Security for Windows or Kaspersky Security for Windows Server. When creating the update and malware scan tasks, specify the administration group with the test devices.
The Update verification task sequentially runs the update and malware scan tasks on test devices to check that all updates are valid. In addition, when creating the Update verification task, you need to specify the update and malware scan tasks.
- Create the Download updates to the Administration Server repository task.
To make Kaspersky Security Center verify downloaded updates before distributing them to client devices:
- In the main menu, go to Devices → Tasks.
- Click the Download updates to the Administration Server repository task.
- In the task properties window that opens, go to the Application settings tab, and then enable the Run update verification option.
- If the Update verification task exists, click the Select task button. In the window that opens, select the Update verification task in the administration group with test devices.
- If you did not create the Update verification task earlier, do the following:
- Click the New task button.
- In the New task wizard that opens, specify the task name if you want to change the preset name.
- Select the administration group with test devices, which you created earlier.
- First, select the update task of a required application supported by Kaspersky Security Center, and then select the malware scan task.
After that, the following options appear. We recommend leaving them enabled:
- Specify an account from which the Update verification task will be run. You can use your account and leave the Default account option enabled. Alternatively, you can specify that the task should be run under another account that has the necessary access rights. To do this, select the Specify account option, and then enter the credentials of that account.
- Click Save to close the properties window of the Download updates to the Administration Server repository task.
The automatic update verification is enabled. Now, you can run the Download updates to the Administration Server repository task, and it will start from update verification.