Pattern Updates

There are a number of moving parts and components involved with the routine task of updating the pattern files:

  • CPM server components include:

    • Proxy Settings

    • TMCPMAuHelper.exe

    • TrendMirrorScript.exe

  • CPM console components include:

    • Pattern Update Wizard

    • Pattern-set Loading via Manifest.json

  • CPM client components include:

    • BESClient.exe (for dynamic download requests for pattern-sets)

    • TMCPMAuUpdater.exe (for request and application of pattern-sets)

General

  • The default ActiveUpdate server (for pattern updates) appears in the BigFix Server registry:
    HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\CPMsrv\ServerUpdateSource\DefaultAUServer

  • The default ActiveUpdate server URL for CPM version 10.6:

    http://cpm-p.activeupdate.trendmicro.com/activeupdate

  • CPM server: Check that the server exists in the Windows™ Registry:
    HKEY_LOCAL_MACHINE\SOFTWARE\BigFix\CPM\server
  • CPM server: If the automatic update Task is successful, the CPM site will exist in the ‘bfsites’ directory:
    <%Program Files%>\BigFix Enterprise\BES Server\wwwrootbes\bfsites\
CustomSite_FileOnlyCustomSite_CPMAutoUpdate_0_1
  • CPM client: After automatic updates have been enabled on the client, the CPM site will exist in the BigFix subscribed sites directory:
    <%Program Files%>\BigFix Enterprise\BES Client\__BESData\
CustomSite_FileOnlyCustomSite_CPMAutoUpdate

  • Check for pattern updates on the CPM server. From the CPM Dashboard, click Update/Rollback Patterns > Create Pattern Update/Rollback Task to open Pattern Update and Rollback Wizard.

    • If there are no new updates, inspect the Task Core Protection Module - Set ActiveUpdate Server Pattern Update Interval.

    • If the Task was run but the updates are not working properly, check the Action or the logs on the BigFix server.

    • Check the BigFix server to confirm whether pattern update are being received as expected:
      <%Program Files%>\BigFix Enterprise\BES Server\wwwrootbes\cpm\patterns
  • Check the TrendMirrorScript.exe logs that can be found at: 
    <%Program Files%>\BigFix Enterprise\TrendMirrorScript\logs

  • Confirm that older pattern files are still located on the BigFix Server (by default a reserve of 15 patterns are retained).