Trend Micro - Securing Your Journey to the Cloud Business
Success
Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Configuring OfficeScan/Apex One clients/agents to act as Update Agents

    • Updated:
    • 16 Feb 2021
    • Product/Version:
    • Apex One 2019
    • Apex One All.All
    • Apex One as a Service
    • Apex One as a Service All.All
    • OfficeScan 11.0
    • OfficeScan 11.0
    • OfficeScan XG
    • OfficeScan XG.All
    • Platform:
    • N/A
Summary

You can specify certain OfficeScan/Apex One clients/agents to act as local update sources for other clients/agents.

For instance, if your network is segmented by location and the network link between the segments experiences heavy traffic load, we recommend allowing at least one client/agent for each segment to act as an Update Agent.

Details
Public

Important Notes

Below are some items to consider:

  • Make sure that the Update Agent machines have an additional 2GB available disk space for downloaded components.
  • The maximum number of customized update sources for an OfficeScan/Apex One client/agent allowed is 1,024
  • The maximum number of concurrent client/agent update requests that an Update Agent can handle depends on the system specification of the machine.
    The following data are based on internal testing and can be used as a guide. Please note that these numbers are based on machines running exclusively as an Update Agent.
    CPUCoresRAMNetworkOSNumber of
    connections
    Intel(R) Core(TM) i5 CPU 760 @ 2.80GHz48 G100 MbpsWindows 10400
    Intel(R) Core(TM) i5 CPU 760 @ 2.80GHz48 G1 GbpsWindows 10900
    Intel(R) Xeon(R) Platinum 8259CL CPU @ 2.50GHz816 G10 GbpsWindows 107,700
  • Excessive Update Agents can actually harm performance. It is recommended to only configure the Update Agents that are required.

 

Configuration by Product

To configure OfficeScan/Apex One clients/agents to act as Update Agents (UA):

  1. Specify a client that will act as the Update Agent (UA).
    1. Log on to the OfficeScan/Apex One management console.
    2. Go to Agents > Agent Management.
    3. Select the domains or clients/agents that will be granted the Update Agent privileges.
    4. Click the Settings tab and then select "Update Agent Settings".
    5. Check any of the following under "Clients can act as Update Agents" depending on what type of data would be hosted on this UA:
      • Component Updates
      • Domain Settings
      • OfficeScan/Apex One agent programs and hot fixes
    6. Click Save.
  2. Select an Update Agent as a Client Update Source.
  3. Go to Updates > Agents > Update Source.
  4. Select Customized Update Source.
  5. Under the Customized Update Source list, click Add.
  6. Enter the range of the IP addresses of the clients/agents that will receive the updates from the Update Agent.
  7. Select "Update Agent" and then choose the agent from the drop-down list.
     

    The clients/agents which have been granted the privilege to act as Update Agents will now appear in the list. If there are missing Update Agents, make sure to apply the Act as Update Agent privilege to the clients/agents in the Client Privileges and Settings screen.

    Choosing “Using the Update Agent hostname to connect” is recommended as this will use DNS to continue pointing to the Update Agent in the event of an IP address change.

     
  8. Click Save.
  9. On the Agent Update Source page, click the Notify All Agents button at the bottom.

To configure Apex One clients/agents to act as Update Agents (UA):

  1. Specify a client that will act as the Update Agent (UA).
    1. Log on to the Apex One as a Service web console.
    2. Go to Policies > Policy Management > Apex One Agent.
    3. Create a new policy to be used by the Update Agents.

      Refer to the Apex One as a Service Admin Guide (Chapter 11: Policy Management) to learn more about policies: .

    4. Check any of the following under "Clients can act as Update Agents" depending on what type of data would be hosted on this UA:
      • Component Updates
      • Domain Settings
      • Apex One agent programs and hot fixes
    5. Click Save.

      The policy will then deploy to the agents you configured.

  2. Set an Update Agent as a Client Update Source.
    1. In the Trend Micro Apex Central web console, go to Directories > Product Servers.
    2. Click the provided link to Single Sign-On to the Apex One server.
    3. Go to Updates > Agents > Update Source.
      1. Under the Customized Update Source list, click Add.
      2. Enter the range of the IP addresses of the clients/agents that will receive the updates from the Update Agent.
      3. Select "Update Agent" and then choose the agent from the drop-down list.
         

        The clients/agents which have been granted the privilege to act as Update Agents will now appear in the list. If there are missing Update Agents, make sure to apply the Act as Update Agent privilege to the clients/agents in the Client Privileges and Settings screen.

        Choosing “Using the Update Agent hostname to connect” is recommended as this will use DNS to continue pointing to the Update Agent in the event of an IP address change.

         
    4. Click Save.
  3. On the Agent Update Source page, click the Notify All Agents button at the bottom.

 

Understanding the Agent Update/Order Process

A client updates from the first matching entry on the Customized Update Source list:

  • If unable to update from the first entry, the client updates from the second entry, and so on.
  • If unable to update from all entries, the client does and checks the following.

    On the Agent Update Source Page the “OfficeScan agents update the following items from the OfficeScan server if all customized sources are unavailable or not found” option.

    If enabled, the client updates from the OfficeScan server the options selected below it:

    • Components
    • Domain Settings
    • OfficeScan agent programs and hot fixes
  • If the option is disabled, the client then tries connecting directly to the Trend Micro ActiveUpdate server if any of the following is true:
    • For OfficeScan 11.0:

      In Agent > Agent Management > Settings > Privileges and Other Settings > Other Settings tab > Update Settings, the option "Clients download updates from the Trend Micro ActiveUpdate Server" is enabled.

      The ActiveUpdate server ([3]http://osce11-p.activeupdate.trendmicro.com/activeupdate) is not included in the Customized Update Source List.

    • For OfficeScan XG:

      In Agent > Agent Management > Settings > Privileges and Other Settings > Other Settings tab > Update Settings, the option "Clients download updates from the Trend Micro ActiveUpdate Server" is enabled.

      The ActiveUpdate server ([4]http://osce12-p.activeupdate.trendmicro.com/activeupdate) is not included in the Customized Update Source List.

    • For Apex One:
      • Without Apex Central policies:

        In Agent > Agent Management > Settings > Privileges and Other Settings > Other Settings tab > Update Settings, the option "Clients download updates from the Trend Micro ActiveUpdate Server" is enabled.

      • With Apex Central policies:

        In Policies > Policy Management > Policy > Privileges and Other Settings > Other Settings tab > Update Settings, the option "Security Agents download updates from the Trend Micro ActiveUpdate Server" is enabled.

      The ActiveUpdate server (http://osce14-p.activeupdate.trendmicro.com/activeupdate) is not included in the Customized Update Source List.

       
      The product automatically looks for server.ini in this location. If attempting to access via a web browser, you can verify by adding the server.ini e.g. https://osce14-p.activeupdate.trendmicro.com/activeupdate/server.ini.
  • If unable to update from all possible sources, the client quits the update process.
Premium
Internal
Partner
Rating:
Category:
Configure
Solution Id:
1034989
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.
Related Articles