Synchronizing updates from Windows Update with Administration Server
Dec 4, 2023
If you have selected Use Administration Server as a WSUS server in the Update management settings window of the quick start wizard, the Windows Update synchronization task is created automatically. You can run the task in the Tasks folder. The functionality of a Microsoft software update is only available after the Perform Windows Update synchronization task is successfully completed.
Microsoft software updates may exceed 10 GB. Ensure that the Administration Server database is capable of accommodating such volumes; otherwise, the Perform Windows Update synchronization task will fail. The Microsoft SQL Express database is not supported for the Perform Windows Update synchronization task.
The Perform Windows Update synchronization task only downloads metadata from Microsoft servers. If the network does not use a WSUS server, each client device downloads Microsoft updates from external servers independently.
To create a task for synchronizing Windows Updates with Administration Server:
- In the Advanced → Application management folder in the console tree, select the Software updates subfolder.
- Click the Additional actions button and select Configure Windows Update synchronization in the drop-down list.
The wizard creates the Perform Windows Update synchronization task displayed in the Tasks folder.
The Windows update center data retrieval task creation wizard starts. Follow the instructions of the wizard.
You can also create the Windows Update synchronization task in the Tasks folder by clicking Create a task.
Microsoft regularly deletes outdated updates from the company's servers so the number of current updates is always between 200,000 and 300,000. To reduce disk space usage and database size, Kaspersky Security Center deletes the outdated updates that are no longer present on Microsoft update servers.
When running the Perform Windows Update synchronization task, the application receives a list of current updates from a Microsoft update server. Next, Kaspersky Security Center compiles a list of updates that have become outdated. At the next start of the Find vulnerabilities and required updates task, Kaspersky Security Center flags all outdated updates and sets the deletion time for them. At the next start of the Perform Windows Update synchronization task, all updates flagged for deletion 30 days ago are deleted. Kaspersky Security Center also checks for outdated updates that were flagged for deletion more than 180 days ago, and then deletes those older updates.
When the Perform Windows Update synchronization task completes and outdated updates are deleted, the database may still have the hash codes pertaining to the files of deleted updates, as well as corresponding files in the %AllUsersProfile%\Application Data\KasperskyLab\adminkit\1093\.working\wusfiles files (if they were downloaded earlier). You can run the Administration Server maintenance task to delete these outdated records from the database and corresponding files.