Views:
To enable automatic updates:
  1. Download the CPM Automatic Update Setup Script and run it on your server.
    Download and run the CPM automatic update setup script on your server. You will need your deployment’s site administrator credentials and password. These are required in order to create a new console operator account.
    This account is used to send a manifest of the latest available pattern file versions to your endpoints whenever new patterns are downloaded from Trend Micro.
    Some items that you need to take note of:
    • This operator account should not be given administrative rights on any endpoints.
    • It is recommended that you do not change the default values supplied by the script.
    • The manifest of the latest pattern versions will only be made available to endpoints if automatic updates are enabled on the server.
    The script automatically sets a flag on server. When the flag is set, the ‘Set ActiveUpdate Server Pattern Update Interval’ policy action configured in step 2 will send a manifest of the latest available pattern updates to CPM endpoints.
    Note: There is a corresponding ‘Disable Automatic Updates – Server’ Task.  Use this task if you want to stop all endpoints from automatically updating pattern files.
  2. Ensure that there is a periodic policy action issue from the Set ActiveUpdate Server Pattern Update Intervaltask with the following behavior:
    • On Failure, retry 99 times
    • Reapply this action "while relevant", waiting 15 minutes between reapplications.
    Important: The setup process of automatic updates will not download a new pattern-set.  That action is still managed by the ‘Set ActiveUpdate Server Pattern Update Interval’ task.
    A policy action of that task may already exist and the most recent pattern-set may have been downloaded prior to this automatic updates setup procedure. In that situation, a new pattern-set will not be available for automatic updates until the next set is downloaded from the Trend ActiveUpdate Server.
    The caching behavior of the Trend CPM Server component only downloads new content from the Trend ActiveUpdate Server. To induce an immediate download of the latest pattern-set to use in automatic updates, please perform the following:
    1. Clear the CPM Server Component download cache - Delete the contents of folder [C:\Program Files\Trend Micro\Core Protection Module Server\download].
    2. Deploy an action from task 'Core Protection Module - Set ActiveUpdate Server Pattern Update Interval'.
  3. Issue a policy action against all endpoints from the Apply Automatic Updates task.
    This policy action monitors the latest pattern file versions and applies them to endpoints with automatic updates enabled. The action should be targeted at all computers and set with the following parameters:
    • Reapply whenever relevant
    • Reapply an unlimited number of times (Reapply up to 99 times on failure)
Note: Endpoint’s automatic update flag is set after CPM deployment. When the flag is set, the ‘Apply Automatic Updates’ policy action configured in step 3 will become relevant whenever new pattern files are made available by the policy action configured in Step 2. Only endpoints with the flag set will automatically apply pattern file updates.