Trend Micro has received reports of high download traffic due to misconfiguration of the Update Agent. This advisory contains information on how to examine your Update Agents and tips to prevent any potential misconfiguration.
Assigned Update Agents will duplicate the selected component update, domain settings or Security Agent programs or hot fixes, which not only require more disk space to the Update Agent but also generates traffic to corporate environment if the Update Agents are not assigned correctly. Excessive Update Agents assignments can negatively impact overall performance, so it is recommended to only configure the Update Agents that are required.
Please refer to KB 1034989 for more details on Apex One Update Agents.
In the received reports, there are two typical misconfigurations observed:
- Update Agent settings were accidentally enabled on a normal Apex One Security Agent policy.
- Normal Apex One Security Agent policies inherited settings from a policy that enabled its Update Agent settings unintentionally.
To avoid this, users are advised to review the following recommendations to examine their Apex One Security Agent policy settings and correct possible misconfigurations:
Recommendation A - Examine the major parent policies or the policies that manages most of the Apex One agents to make sure Update Agent settings are configured as intended.
Recommendation B - Use a dedicated Apex One Security Agent policy to manage Update Agent settings
- Log on to the Apex One as a Service web console.
- Go to Policies > Policy Management > Apex One Security Agent.
Create a new policy with dedicated Policy Name, for example, name it as "Update Agent".
Click Update Agent in left panel, and configure the required distribution setting of the Update Agent.The policy of a normal Apex One agent should not check any settings in its Update Agent page.