Scenario: Regular updating of Kaspersky databases and applications

December 9, 2024

ID 180689

This section provides a scenario for regular updating of Kaspersky databases, software modules, and applications. After you complete the Configuring network protection scenario, you must maintain the reliability of the protection system. This maintenance ensures that protection of the managed devices remains firm against a range of threats, including viruses, network attacks, and phishing attacks.

There are several schemes that you can use to install updates to Kaspersky Security Center Cloud Console components and security applications. Choose one or more schemes that meet the requirements of your network best.

The scenario below describes the update scheme that implies downloading updates to the distribution point repositories. If the managed devices do not have a connection to the distribution points, consider updating Kaspersky databases, software modules, and applications manually or directly from the Kaspersky update servers.

When you complete this scenario, the following results occur:

  • Kaspersky Security Center Cloud Console components are updated automatically or only when you designate the Approved status for the updates.
  • Kaspersky security applications, Kaspersky databases, and software modules are updated according to the schedule that you specified. By default, Kaspersky security applications install only those updates that you approve.

You can configure the update process to download and install updates in either of two ways:

  • Automatically

    In this case you have to perform this scenario only once. You will have to schedule the Download updates to the repositories of distribution points task (if any) and the Update tasks for the Kaspersky security applications, and keep the default update settings that are in the Network Agent properties.

  • Manually

    You can configure the update process to run the Download updates to the repositories of distribution points task (if any) and the Update tasks for the Kaspersky security applications manually. You can also configure Network Agent to install updates for the Kaspersky Security Center Cloud Console components only when you designate the Approved status for the updates.

Prerequisites

Before you start, make sure that you have done the following:

  1. Deployed the Kaspersky security applications to the managed devices according to the scenario of deploying Kaspersky applications through Kaspersky Security Center Cloud Console. When performing that scenario, you assigned an appropriate amount of distribution points in accordance with the number of managed devices and the network topology.
  2. Created and configured all required policies, policy profiles, and tasks according to the scenario of configuring network protection.

Stages

Configuration of regular updating of Kaspersky databases and applications proceeds in stages:

  1. Creating the task for downloading updates to the repositories of distribution points

    Create the Download updates to the repositories of distribution points task. When this task is run, Kaspersky Security Center Cloud Console downloads the updates to the distribution points directly from Kaspersky update servers.

    How-to instructions: Creating the task for downloading updates to the repositories of distribution points

  2. Configuring distribution points

    Make sure that the Deploy updates option is enabled in the properties of all required distribution points. When this option is disabled for a distribution point, the devices included in the scope of the distribution point can download updates only from a local resource or directly from Kaspersky update servers.

    If you want the managed devices to receive updates only from the distribution points, enable the Distribute files through distribution points only option in the Network Agent policy.

  3. Optimizing the update process by using diff files (optional)

    Enabling this feature results in decrease in the traffic between the distribution points and the managed devices. To use this feature, enable the Download diff files option in the properties of the Download updates to the repositories of distribution points task.

    How-to instructions: Using diff files for updating Kaspersky databases and software modules

  4. Defining which updates to install

    By default, the downloaded software updates have the Undefined status. Change the status to Approved or Declined to define if this update should be installed on networked devices. The approved updates are always installed. The undefined updates can only be installed on Network Agent and other Kaspersky Security Center Cloud Console components in accordance with the Network Agent policy settings. The updates for which you set Declined status will not be installed on devices.

    How-to instructions:

  5. Configuring automatic installation of updates and patches for Kaspersky Security Center Cloud Console components

    By default, the downloaded updates and patches for Network Agent and other Kaspersky Security Center Cloud Console components are installed automatically. If you have left the Automatically install applicable updates and patches for components that have the Undefined status option enabled in the Network Agent properties, then all updates will be installed automatically after they are downloaded to the repository (or several repositories). If this option is disabled, Kaspersky patches that have been downloaded and tagged with the Undefined status will be installed only after you change their status to Approved.

    How-to instructions: Enabling and disabling automatic updating and patching for Kaspersky Security Center Cloud Console components

  6. Configuring automatic installation of updates for the security applications

    Create the Update tasks for the managed applications to provide timely updates to the applications, software modules and Kaspersky databases, including anti-virus databases. We recommend that you select the When new updates are downloaded to the repository option when configuring the task schedule. This will ensure that new updates are installed as soon as possible.

    By default, updates for the managed applications are installed only after you change the update status to Approved. For Kaspersky Endpoint Security for Windows, you can change the update settings in the Update task.

    If an update requires reviewing and accepting the terms of the End User License Agreement, then you first need to accept the terms. After that the update can be propagated to the managed devices.

    How-to instructions: Automatic installation of Kaspersky Endpoint Security updates on devices

  7. Approving and declining updates of managed Kaspersky applications

    By default, the downloaded software updates have the Undefined status. You can change the status to Approved or Declined. The approved updates are always installed. If an update of a managed Kaspersky application requires reviewing and accepting the terms of the End User License Agreement, then you first need to accept the terms. After that the update can be propagated to the managed devices. The updates for which you set Declined status will not be installed on devices. If a declined update for a managed application was previously installed, Kaspersky Security Center Cloud Console will try to uninstall the update from all devices.

    Approving and declining updates is available only for managed Kaspersky applications installed on the Windows-based client devices. Seamless updating of Administration Server, Kaspersky Security Center Cloud Console, Network Agent, and management web plug-ins is not supported.

    How-to instructions: Approving and declining software updates

Upon completion of the scenario, you can proceed to monitoring the network status.

');
Kaspersky Endpoint Security for Business Advanced: Adaptive security of your company
Web and device controls. Data encryption. Centralized and convenient management from a single console.
');
Kaspersky Premium Support (MSA): High‑priority incident processing
Telephone and web ticket support. Fast response, monitoring and health check. Submit a request and activate the contract (MSA).