Scenario: Regular updating of Kaspersky databases and applications
Oct 23, 2023
This section provides a scenario for regular updating of Kaspersky databases, software modules, and applications. After you complete the Configuring network protection scenario, you must maintain the reliability of the protection system. This maintenance ensures that protection of the managed devices remains firm against a range of threats, including viruses, network attacks, and phishing attacks.
There are several schemes that you can use to install updates to Kaspersky Security Center Cloud Console components and security applications. Choose one or more schemes that meet the requirements of your network best.
The scenario below describes the update scheme that implies downloading updates to the distribution point repositories. If the managed devices do not have a connection to the distribution points, consider updating Kaspersky databases, software modules, and applications manually or directly from the Kaspersky update servers.
When you complete this scenario, the following results occur:
- Kaspersky Security Center Cloud Console components are updated automatically or only when you designate the Approved status for the updates.
- Kaspersky security applications, Kaspersky databases, and software modules are updated according to the schedule that you specified. By default, Kaspersky security applications install only those updates that you approve.
You can configure the update process to download and install updates in either of two ways:
In this case you have to perform this scenario only once. You will have to schedule the Download updates to the repositories of distribution points task (if any) and the Update tasks for the Kaspersky security applications, and keep the default update settings that are in the Network Agent properties.
You can configure the update process to run the Download updates to the repositories of distribution points task (if any) and the Update tasks for the Kaspersky security applications manually. You can also configure Network Agent to install updates for the Kaspersky Security Center Cloud Console components only when you designate the Approved status for the updates.
Before you start, make sure that you have done the following:
- Deployed the Kaspersky security applications to the managed devices according to the scenario of deploying Kaspersky applications through Kaspersky Security Center Cloud Console. When performing that scenario, you assigned an appropriate amount of distribution points in accordance with the number of managed devices and the network topology.
- Created and configured all required policies, policy profiles, and tasks according to the scenario of configuring network protection.
Configuration of regular updating of Kaspersky databases and applications proceeds in stages:
- Creating the task for downloading updates to the repositories of distribution points
Create the Download updates to the repositories of distribution points task. When this task is run, Kaspersky Security Center Cloud Console downloads the updates to the distribution points directly from Kaspersky update servers.
How-to instructions: Creating the task for downloading updates to the repositories of distribution points
- Configuring distribution points
Make sure that the Deploy updates option is enabled in the properties of all required distribution points. When this option is disabled for a distribution point, the devices included in the scope of the distribution point can download updates only from a local resource or directly from Kaspersky update servers.
If you want the managed devices to receive updates only from the distribution points, enable the Distribute files through distribution points only option in the Network Agent policy.
- Optimizing the update process by using diff files (optional)
Enabling this feature results in decrease in the traffic between the distribution points and the managed devices. To use this feature, enable the Download diff files option in the properties of the Download updates to the repositories of distribution points task.
How-to instructions: Using diff files for updating Kaspersky databases and software modules
- Defining which updates to install
By default, the downloaded software updates have the Undefined status. Change the status to Approved or Declined to define if this update should be installed on networked devices. The approved updates are always installed. The undefined updates can only be installed on Network Agent and other Kaspersky Security Center Cloud Console components in accordance with the Network Agent policy settings. The updates for which you set Declined status will not be installed on devices.
- Configuring automatic installation of updates and patches for Kaspersky Security Center Cloud Console components
By default, the downloaded updates and patches for Network Agent and other Kaspersky Security Center Cloud Console components are installed automatically. If you have left the Automatically install applicable updates and patches for components that have the Undefined status option enabled in the Network Agent properties, then all updates will be installed automatically after they are downloaded to the repository (or several repositories). If this option is disabled, Kaspersky patches that have been downloaded and tagged with the Undefined status will be installed only after you change their status to Approved.
- Configuring automatic installation of updates for the security applications
Create the Update tasks for the managed applications to provide timely updates to the applications, software modules and Kaspersky databases, including anti-virus databases. We recommend that you select the When new updates are downloaded to the repository option when configuring the task schedule. This will ensure that new updates are installed as soon as possible.
By default, updates for the managed applications are installed only after you change the update status to Approved. For Kaspersky Endpoint Security for Windows, you can change the update settings in the Update task.
If an update requires reviewing and accepting the terms of the End User License Agreement, then you first need to accept the terms. After that the update can be propagated to the managed devices.
How-to instructions: Automatic installation of Kaspersky Endpoint Security updates on devices
Upon completion of the scenario, you can proceed to monitoring the network status.