
Important Notes

Below are some items to consider:

  • Make sure that the Update Agent machines have an additional 2GB available disk space for downloaded components.
  • The maximum number of customized update sources allowed for an Apex One agent is 1,024.
  • The maximum number of concurrent agent update requests that an Update Agent can handle depends on the system specification of the machine.
    The following data are based on internal testing and can be used as a guide. Please note that these numbers are based on machines running exclusively as an Update Agent.
    CPU | Cores | RAM | Network | OS | Number of connections
    Intel(R) Core(TM) i5 CPU 760 @ 2.80GHz | 4 | 8 G | 100 Mbps | Windows 10 | 400
    Intel(R) Core(TM) i5 CPU 760 @ 2.80GHz | 4 | 8 G | 1 Gbps | Windows 10 | 900
    Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz | 8 | 16 G | 10 Gbps | Windows 10 | 7,700
  • Too many Update Agents can harm performance. It is recommended to configure only the Update Agents that are required.

Configuration by Product

To configure Apex One clients/agents to act as Update Agents (UA) from the Apex One management console:

  1. Specify a client that will act as the Update Agent (UA).
    1. Log on to the Apex One management console.
    2. Go to Agents > Agent Management.
    3. Select the domains or clients/agents that will be granted the Update Agent privileges.
    4. Click the Settings tab and then select "Update Agent Settings".
    5. Check any of the following under "Security Agents can act as Update Agents for" depending on what type of data would be hosted on this UA:
      • Component Updates
      • Domain Settings
      • Security Agent programs and hot fixes
    6. Click Save.
    7. To verify if the agent is an update agent, go to Agents > Agent Management. Search for the endpoint name and check the update agent icon. See Agent Tree Icons for information.
  2. Select an Update Agent as a Client Update Source.
    1. Go to Updates > Agents > Update Source.
    2. Select Customized Update Source.
    3. Under the Customized Update Source list, click Add.
    4. Enter the range of the IP addresses of the clients/agents that will receive the updates from the Update Agent.
    5. Select "Update Agent" and then choose the agent from the drop-down list.

      The clients/agents which have been granted the privilege to act as Update Agents will now appear in the list. If there are missing Update Agents, make sure to apply the Act as Update Agent privilege to the clients/agents in the Update Agent Settings screen.

      Choosing “Using the Update Agent hostname to connect” is recommended, as the agents then use DNS and continue pointing to the Update Agent in the event of an IP address change.

    6. Click Save.
    7. On the Agent Update Source page, click the Notify All Agents button at the bottom.

To configure Apex One agents to act as Update Agents (UA) with Trend Micro Apex Central policies:

  1. Specify a client that will act as the Update Agent (UA).
    1. Log on to the Trend Micro Apex Central web console.
    2. Go to Policies > Policy Management > Apex One Security Agent.
    3. Create a new policy to be used by the Update Agents.
    4. Under Agent Configurations, select Update Agent.
    5. Check any of the following under "Security Agents can act as Update Agents for" depending on what type of data would be hosted on this UA:
      • Component Updates
      • Domain Settings
      • Security Agent programs and hot fixes
    6. Click Save.

      The policy will then deploy to the agents you configured.

    7. To verify if the agent is an update agent, go to Agents > Agent Management. Search for the endpoint name and check the update agent icon. See Agent Tree Icons for information.
  2. Set an Update Agent as a Client Update Source.
    1. In the Trend Micro Apex Central web console, go to Directories > Product Servers.
    2. Click the provided link to Single Sign-On to the Apex One server.
    3. Go to Updates > Agents > Update Source.
      1. Under the Customized Update Source list, click Add.
      2. Enter the range of the IP addresses of the clients/agents that will receive the updates from the Update Agent.
      3. Select "Update Agent" and then choose the agent from the drop-down list.

        The clients/agents which have been granted the privilege to act as Update Agents will now appear in the list. If there are missing Update Agents, make sure to apply the Act as Update Agent privilege to the clients/agents in the Client Privileges and Settings screen.

        Choosing “Using the Update Agent hostname to connect” is recommended, as the agents then use DNS and continue pointing to the Update Agent in the event of an IP address change.

    4. Click Save.
  3. On the Agent Update Source page, click the Notify All Agents button at the bottom.

 

Understanding the Agent Update/Order Process

A client updates from the first matching entry on the Customized Update Source list:

  • If unable to update from the first entry, the client updates from the second entry, and so on.
  • If unable to update from all entries, the client checks the following option on the Agent Update Source page:

    “Security agents update the following items from the Apex One server if all customized sources are unavailable or not found”

    If the option is enabled, the client updates the items selected below it from the Apex One server:

    • Components
    • Domain Settings
    • Security agent programs and hot fixes
  • If the option is disabled, the client then tries connecting directly to the Trend Micro ActiveUpdate server if any of the following is true:
    • Without Apex Central policies:

      In Agent > Agent Management > Settings > Privileges and Other Settings > Other Settings tab > Update Settings, the option "Security Agents download updates from the Trend Micro ActiveUpdate Server" is enabled.

    • With Apex Central policies:

      In Policies > Policy Management > Policy > Privileges and Other Settings > Other Settings tab > Update Settings, the option "Security Agents download updates from the Trend Micro ActiveUpdate Server" is enabled.

    The ActiveUpdate server (https://osce14-p.activeupdate.trendmicro.com/activeupdate) is not included in the Customized Update Source List.

    The product automatically looks for server.ini in this location. To verify access from a web browser, append server.ini to the URL, for example https://osce14-p.activeupdate.trendmicro.com/activeupdate/server.ini.
  • If unable to update from all possible sources, the client quits the update process.
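
The update order described above can be modelled to audit which agents would end up contacting the public ActiveUpdate server. This is an added example, not Trend Micro code: the SourceEntry type, the function names, the sample hostnames and the IP ranges are constructed, and it assumes that "matching" means the agent's IP address falls inside an entry's range.

```python
import ipaddress
from dataclasses import dataclass

ACTIVEUPDATE = "https://osce14-p.activeupdate.trendmicro.com/activeupdate"
APEX_ONE_SERVER = "Apex One server"

@dataclass
class SourceEntry:
    """One row of the Customized Update Source list (hypothetical model)."""
    first_ip: str   # start of the agent IP range the row applies to
    last_ip: str    # end of that range
    source: str     # Update Agent hostname serving the range

def covers(entry, agent_ip):
    """True when the agent's IP address falls inside the entry's range."""
    ip = ipaddress.ip_address(agent_ip)
    return ipaddress.ip_address(entry.first_ip) <= ip <= ipaddress.ip_address(entry.last_ip)

def update_order(agent_ip, entries, server_fallback, activeupdate_allowed):
    """Sources an agent tries, in order; an empty list means it quits at once."""
    # Matching customized sources are tried first, in list order.
    order = [e.source for e in entries if covers(e, agent_ip)]
    if server_fallback:
        # Fallback option on the Agent Update Source page is enabled.
        order.append(APEX_ONE_SERVER)
    elif activeupdate_allowed:
        # Reached only when the server fallback option is disabled.
        order.append(ACTIVEUPDATE)
    return order

def internet_fallback_agents(agent_ips, entries, server_fallback, activeupdate_allowed):
    """Agents whose update order includes the public ActiveUpdate server."""
    return [ip for ip in agent_ips
            if ACTIVEUPDATE in update_order(ip, entries, server_fallback, activeupdate_allowed)]

# Constructed sample list: a branch Update Agent listed ahead of a wider HQ range.
ENTRIES = [
    SourceEntry("10.0.1.1", "10.0.1.254", "ua-branch1.example.internal"),
    SourceEntry("10.0.0.1", "10.0.255.254", "ua-hq.example.internal"),
]

if __name__ == "__main__":
    for ip in ("10.0.1.20", "10.0.7.9", "192.168.5.5"):
        print(ip, "->", update_order(ip, ENTRIES, False, True))
```

An agent outside every configured range with both fallback options disabled gets an empty order and never updates, which is worth checking alongside the egress question.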