If the upgrade, hot fix or patch deployments were not blocked through the management console, then you can do the following to prevent further downloads and still allow the OfficeScan clients to download the component updates, such as pattern updates.
For Program Upgrade
Clients will download the tmxxxxNT.zip or newpnt.zip file from the OfficeScan server folder (PCCSRV\download), depending on the version of OfficeScan.
To prevent program upgrade, go to IIS and set the file security of those .ZIP files to disable anonymous access under IIS. This way, the clients will always fail to get the file download and the program will not be upgraded.
Do the following:
- Open the IIS manager and look for the OfficeScan website.
- Look for download virtual web directory and the right-hand side will show the files it contains.
- Change the file security for the following files one at a time:
- tmengNT.zip
- tmengX64.zip
- tmnewpnt.zip
- tmnewpx64.zip
- newpnt.zip
- newpx64.zip
- Right-click the file and select Properties.
- Click the File security tab, look for Authentication access control, and then click Edit.
- Deselect the Enable anonymous user access option and save the changes. Follow the same steps for the rest of the .ZIP files above.
For Hot fix/Patch Update
Client checks server hotfixNT.txt and finds the file time difference to proceed with the hot fix by downloading the new files from PCCSRV\pccnt. Its corresponding web virtual directory in IIS is hotfix_pccnt.
To prevent hot fix deployment, go to IIS and set the directory security of hotfix_pccnt to disable anonymous access. This way, the file will be downloaded to the client and the client will not get any hot fix.
Do the following:
- Open the IIS manager and look for the OfficeScan website.
- Look for the hotfix_pccnt virtual web directory.
- Right-click the file and select Properties.
- Go to the Directory Security tab, look for Authentication access control, and then click Edit.
- Deselect the Enable anonymous user access option and save the changes.