Types of Deep Security updates from Trend Micro include:
-
Security updates: Rules and malware patterns that Deep Security Agent software uses to identify potential threats. Types of security updates include:
-
Pattern updates: Used by Anti-Malware.
-
Rule updates: Used by:
-
Firewall
-
Intrusion Prevention
-
Integrity Monitoring
-
Log Inspection
-
-
Application Control rule updates are created locally, based on your computers' software.
They are not from Trend Micro.
The Anti-Malware engine in agent software can be updated independently to keep up
with the newest threats. See Enable automatic Anti-Malware engine updates.
Trend Micro releases new rule updates every Tuesday, with additional updates as new
threats are discovered. Information about the updates is available in the Trend Micro
Threat Encyclopedia.
How Deep Security Manager checks for software upgrades
Deep Security Manager periodically connects to Trend Micro Update servers to check
for
updates to software that you have imported into the Deep Security Manager database, such as:
-
Deep Security Agent
-
Deep Security Manager
This checks based on the local inventory, not the Download Center.
(There is a separate alert for new software on the Download Center.)
![]() |
NoteDeep Security only informs you of minor version updates-not major-of
software.
For example, if you have Deep Security Agent 9.6.100, and Trend Micro
releases 9.6.200, an alert tells you that software updates are available.
However, if 10.0.nnn (a major version difference) is released and you do not
have any 10.0 agents, the alert does not appear (even though
10.0is later than 9.6.100).
|
An alert on the manager notifies you that software updates are available. On
Administration > Updates > Software, the Trend Micro Download
Center section also indicates whether there are updates available. Once you import
(download) software into the Deep Security Manager database, you can upgrade the software
in
your deployment. See Upgrade Deep Security Agent
.
![]() |
TipTo see all software packages that are available for download (even if you have not
imported it before), go to Administration > Updates > Software >
Download Center.
|
To determine when the last check was performed, whether it was successful, or to manually
initiate a check for updates, go to Administration > Updates >
Software and view the "Deep Security" section. If you have configured a
scheduled task to check for updates, the date and time of the next scheduled check
is also
listed here. See Schedule Deep Security to perform tasks.
When imported, software is stored in the Deep Security Manager database. Imported
software is periodically replicated to relays.
Best practices for upgrades
When deploying a new release of the Deep Security Agent:
-
Deep Security Relays must be the same version or newer than all agents and appliances in your environment.
-
Deep Security Relays should be the same version as your Deep Security Manager.
-
When performing upgrades of Deep Security software, the order of upgrade is important. Upgrade your Deep Security Manager first, then all relays, then agents.
![]() |
NoteBeginning with Deep Security 20, you cannot activate a Deep Security Agent with a
Deep Security Manager that is older than the Minimum DSM Version for that agent release. You can find the Minimum DSM Version on the Deep Security Software download page.
|
![]() |
TipWith Workload Security, the manager and relays provided with the service are always
up to date. You can ignore the Minimum DSM Version and not think about relay versions
unless you choose to deploy extra relays in your environment.
|
How Deep Security validates update integrity
Both software updates and security updates are digitally signed. In addition to automatic
checks, if you want to manually validate the signatures or checksums, you can use
external tools such as:
-
sha256sum (Linux)
-
Checksum Calculator (Windows)
-
jarsigner (Java Development Kit (JDK); see Check digital signatures on software packages)
Digital signatures
When security updates are viewed, used, or imported into the Deep Security Manager
database (either manually or automatically, via scheduled task), the manager validates the signature. A correct digital signature indicates that
the software is authentically from Trend Micro and hasn't been corrupted or tampered
with. If the digital signature is invalid, the manager does not use the file. A warning
is also recorded in log files such as
server0.log
:WARNING: ThID:85|TID:0|TNAME:Primary|UID:1|UNAME:MasterAdmin|Verifying the signature
failed.
com.thirdbrigade.manager.core.general.exceptions.FileNotSignedValidationException:
"corrupted_rules.zip." has not been digitally signed by Trend Micro and cannot be
imported.
If you manually import a security update package with an invalid digital signature,
the manager also displays an error message.
![]() |
NoteOld security updates that are not signed fail validation if they are used, even if
you successfully imported them in a previous version of Deep Security Manager that
did not enforce signatures. For better protection, use new security updates instead.
However if you still require the old security updates, you can contact your support
provider to request a file that is signed, and then manually import the security update.
|
Deep Security Agent also validates the digital signature, compares checksums (sometimes
called hashes or fingerprints) and uses other, non-disclosed integrity methods.
Checksums
Software checksums (also called hashes or fingerprints) are published on the Download Center. To view the SHA-256 hash, click the + button next to the software's name.
