Preparing the Server and Updating the Pattern Files

About this task

This procedure requires running a script to prepare the server for recurring automatic pattern updates, which are then used for CPM client updates. Automatic Updates allow you to automatically deliver and apply pattern file updates to your endpoints whenever new patterns are made available by Trend Micro.

Note: An endpoint’s automatic update flag is set after CPM deploys. When the flag is set, the Apply Automatic Updates policy action (configured in Step 3) will become relevant whenever new pattern files are made available by the policy action configured in Step 2. Only endpoints with the flag set will automatically apply pattern file updates.

Step 1: Run the CPM Automatic Update Setup Script

Download and run the CPM automatic update setup script on your server. You need the deployment site administrator credentials and password. You cannot create a new console operator account without these credentials. Use the operator account to send a manifest of the latest available pattern file versions to your endpoints whenever new patterns are downloaded from Trend Micro.

Note: The following items require a pre-installation of the CPM Automatic Update Setup Script on the server that hosts BigFix and CPM. Download and install the latest script, using an administrator account from Endpoint Protection > Core Protection Module > Updates and select Core Protection Module - Download CPMAutoUpdateSetup Script in the top right pane. Or, download the script from the following location:

http://esp-download.trendmicro.com/download/cpm/CPMAutoUpdateSetup2_1.0.8.0.exe

Take note of the following recommendations for the Automatic Update Setup Script:

The operator account should not be given administrative rights on any endpoints.
Do not change the default values supplied by the script.
Enable automatic updates on the server to make the latest pattern versions available to endpoints.
Be sure to run the script before proceeding to the following steps. The script automatically sets a flag on the server. After the flag is set, the Set ActiveUpdate Server Pattern Update Interval policy action configured in Step 2 will send a manifest of the latest available pattern updates to CPM endpoints.
If you want to prevent endpoints from updating pattern files, use the Disable Automatic Updates - Server Task.

Step 2: Issue a "Set ActiveUpdate Server Pattern Update Interval" Task

About this task

You have most likely already configured a policy action from this task.

Note: The setup process of automatic updates will not download a new pattern-set. That action is still managed by the Set ActiveUpdate Server Pattern Update Interval task.

A policy action of that task may already exist and the most recent pattern-set may have been downloaded prior to this automatic updates setup procedure. In that situation, a new pattern-set will not be available for automatic updates until the next set is downloaded from the Trend ActiveUpdate Server.

The caching behavior of the Trend CPM Server component only downloads new content from the Trend ActiveUpdate Server. To induce an immediate download of the latest pattern-set to use in automatic updates, perform the following:

Procedure

Clear the CPM Server Component download cache - Delete the contents of the folder C:\Program Files\Trend Micro\Core Protection Module Server\download.
Configure a periodic policy action and deploy the action from the task Core Protection Module - Set ActiveUpdate Server Pattern Update Interval.

Step 3: Issue a "Apply Automatic Updates" Task

This policy action monitors the latest pattern file versions and applies them to endpoints with automatic updates enabled. This action should be targeted at all computers and set with the following parameters:

Reapply whenever relevant
Reapply an unlimited number of times
Set the action to never expire
Retry up to 99 times on failure