You can specify certain OfficeScan/Apex One clients/agents to act as local update sources for other clients/agents.
For instance, if your network is segmented by location and the network link between the segments experiences heavy traffic load, we recommend allowing at least one client/agent for each segment to act as an Update Agent.
Important Notes
Below are some items to consider:
- Make sure that the Update Agent machines have an additional 2GB available disk space for downloaded components.
- The maximum number of customized update sources allowed for an OfficeScan/Apex One client/agent is 1,024.
- The maximum number of concurrent client/agent update requests that an Update Agent can handle depends on the system specification of the machine.
The following data are based on internal testing and can be used as a guide. Please note that these numbers are based on machines running exclusively as an Update Agent.

| CPU | Cores | RAM | Network | OS | Number of connections |
| --- | --- | --- | --- | --- | --- |
| Intel(R) Core(TM) i5 CPU 760 @ 2.80GHz | 4 | 8 G | 100 Mbps | Windows 10 | 400 |
| Intel(R) Core(TM) i5 CPU 760 @ 2.80GHz | 4 | 8 G | 1 Gbps | Windows 10 | 900 |
| Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz | 8 | 16 G | 10 Gbps | Windows 10 | 7,700 |

- Excessive Update Agents can actually harm performance. It is recommended to only configure the Update Agents that are required.
Configuration by Product
To configure OfficeScan/Apex One clients/agents to act as Update Agents (UA):
- Specify a client that will act as the Update Agent (UA).
- Log on to the OfficeScan/Apex One management console.
- Go to Agents > Agent Management.
- Select the domains or clients/agents that will be granted the Update Agent privileges.
- Click the Settings tab and then select "Update Agent Settings".
- Check any of the following under "Clients can act as Update Agents" depending on what type of data would be hosted on this UA:
- Component Updates
- Domain Settings
- OfficeScan/Apex One agent programs and hot fixes
- Click Save.
- Select an Update Agent as a Client Update Source.
- Go to Updates > Agents > Update Source.
- Select Customized Update Source.
- Under the Customized Update Source list, click Add.
- Enter the range of the IP addresses of the clients/agents that will receive the updates from the Update Agent.
- Select "Update Agent" and then choose the agent from the drop-down list.
The clients/agents which have been granted the privilege to act as Update Agents will now appear in the list. If there are missing Update Agents, make sure to apply the Act as Update Agent privilege to the clients/agents in the Client Privileges and Settings screen.
Choosing “Using the Update Agent hostname to connect” is recommended as this will use DNS to continue pointing to the Update Agent in the event of an IP address change.
- Click Save.
- On the Agent Update Source page, click the Notify All Agents button at the bottom.
To configure Apex One clients/agents to act as Update Agents (UA):
- Specify a client that will act as the Update Agent (UA).
- Log on to the Apex One as a Service web console.
- Go to Policies > Policy Management > Apex One Agent.
- Create a new policy to be used by the Update Agents.
Refer to the Apex One as a Service Admin Guide (Chapter 11: Policy Management) to learn more about policies.
- Check any of the following under "Clients can act as Update Agents" depending on what type of data would be hosted on this UA:
- Component Updates
- Domain Settings
- Apex One agent programs and hot fixes
- Click Save.
The policy will then deploy to the agents you configured.
- Set an Update Agent as a Client Update Source.
- In the Trend Micro Apex Central web console, go to Directories > Product Servers.
- Click the provided link to Single Sign-On to the Apex One server.
- Go to Updates > Agents > Update Source.
- Under the Customized Update Source list, click Add.
- Enter the range of the IP addresses of the clients/agents that will receive the updates from the Update Agent.
- Select "Update Agent" and then choose the agent from the drop-down list.
The clients/agents which have been granted the privilege to act as Update Agents will now appear in the list. If there are missing Update Agents, make sure to apply the Act as Update Agent privilege to the clients/agents in the Client Privileges and Settings screen.
Choosing “Using the Update Agent hostname to connect” is recommended as this will use DNS to continue pointing to the Update Agent in the event of an IP address change.
- Click Save.
- On the Agent Update Source page, click the Notify All Agents button at the bottom.
Understanding the Agent Update/Order Process
A client updates from the first matching entry on the Customized Update Source list:
- If unable to update from the first entry, the client updates from the second entry, and so on.
- If unable to update from all entries, the client checks the following option on the Agent Update Source page: “OfficeScan agents update the following items from the OfficeScan server if all customized sources are unavailable or not found”.
If the option is enabled, the client updates the items selected below it from the OfficeScan server:
- Components
- Domain Settings
- OfficeScan agent programs and hot fixes
- If the option is disabled, the client then tries connecting directly to the Trend Micro ActiveUpdate server if any of the following is true:
- For OfficeScan 11.0:
In Agent > Agent Management > Settings > Privileges and Other Settings > Other Settings tab > Update Settings, the option "Clients download updates from the Trend Micro ActiveUpdate Server" is enabled.
The ActiveUpdate server (http://osce11-p.activeupdate.trendmicro.com/activeupdate) is not included in the Customized Update Source List.
- For OfficeScan XG:
In Agent > Agent Management > Settings > Privileges and Other Settings > Other Settings tab > Update Settings, the option "Clients download updates from the Trend Micro ActiveUpdate Server" is enabled.
The ActiveUpdate server (http://osce12-p.activeupdate.trendmicro.com/activeupdate) is not included in the Customized Update Source List.
- For Apex One:
- Without Apex Central policies:
In Agent > Agent Management > Settings > Privileges and Other Settings > Other Settings tab > Update Settings, the option "Clients download updates from the Trend Micro ActiveUpdate Server" is enabled.
- With Apex Central policies:
In Policies > Policy Management > Policy > Privileges and Other Settings > Other Settings tab > Update Settings, the option "Security Agents download updates from the Trend Micro ActiveUpdate Server" is enabled.
The ActiveUpdate server (http://osce14-p.activeupdate.trendmicro.com/activeupdate) is not included in the Customized Update Source List.
The product automatically looks for server.ini in this location. To verify access from a web browser, append server.ini to the URL, e.g. https://osce14-p.activeupdate.trendmicro.com/activeupdate/server.ini.
- If unable to update from all possible sources, the client quits the update process.
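
The update order described above can be modelled to check, before deployment, which source each endpoint would end up using and which endpoints have no Update Agent in their path. This is an added example, not Trend Micro code: the `Entry` model, the function names, the `server` label and the sample ranges and hostnames are assumptions made for illustration, and it models only the ordering as this page states it.

```python
import ipaddress
from dataclasses import dataclass

# ActiveUpdate URL quoted on the page for Apex One.
AU_URL = "http://osce14-p.activeupdate.trendmicro.com/activeupdate"
SERVER = "server"  # placeholder label for the OfficeScan/Apex One server

@dataclass
class Entry:
    """One row of the Customized Update Source list (hypothetical model)."""
    first_ip: str
    last_ip: str
    source: str  # Update Agent hostname or an update URL

def attempt_order(client_ip, entries, server_fallback, au_privilege):
    """Sources a client tries, in order, per the process described above."""
    ip = ipaddress.ip_address(client_ip)
    order = [e.source for e in entries
             if ipaddress.ip_address(e.first_ip) <= ip <= ipaddress.ip_address(e.last_ip)]
    if server_fallback:
        order.append(SERVER)
    elif au_privilege or all(e.source != AU_URL for e in entries):
        # The page lists these two conditions as "any of the following is true".
        order.append(AU_URL)
    return order

def resolve(order, reachable):
    """First reachable source, or None when the client quits the update."""
    return next((s for s in order if s in reachable), None)

def audit(clients, entries, server_fallback, au_privilege):
    """Clients with no Update Agent in their order (fallback sources only)."""
    return [c for c in clients
            if not set(attempt_order(c, entries, server_fallback, au_privilege))
            - {SERVER, AU_URL}]

# Constructed sample data: overlapping ranges, the first match is tried first.
ENTRIES = [Entry("10.1.0.1", "10.1.0.254", "ua-branch1"),
           Entry("10.1.0.1", "10.1.255.254", "ua-hq")]

if __name__ == "__main__":
    order = attempt_order("10.1.0.20", ENTRIES, True, False)
    print(order, "->", resolve(order, {"ua-hq", SERVER}))
    print("no Update Agent:", audit(["10.1.0.20", "10.2.0.5"], ENTRIES, False, False))
```

Clients returned by `audit` are the ones whose IP range is missing from the Customized Update Source list, so they depend entirely on the server or the direct ActiveUpdate fallback.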