Prepare the IBM BigFix Server and Update the Pattern Files

This procedure requires that you run a script to prepare the BigFix Server for recurring automatic pattern updates, which are then used for CPM for Mac client updates. Use Automatic Updates to deliver and apply pattern file updates to your endpoints whenever new patterns are made available by Trend Micro.

Note: An endpoint's automatic update flag is set after CPM for Mac deploys. When the flag is set, the Apply Automatic Updates policy action (configured in Step 3) will become relevant whenever new pattern files are made available by the policy action that was configured in Step 2. Only endpoints with the flag set will automatically apply pattern file updates.

  1. Run the CPM Automatic Update Setup Script.
    Download and run the CPM automatic update setup script on your server. You need the deployment site administrator credentials and password; without them, you cannot create a new console operator account. Use the operator account to send a manifest of the latest available pattern file versions to your endpoints whenever new patterns are downloaded from Trend Micro.
    Note: The following items require that the CPM Automatic Update Setup Script is already installed on the server that hosts IBM BigFix and CPM. Using an administrator account, download and install the latest script: go to Endpoint Protection > Core Protection Module > Updates and select Core Protection Module - Download CPMAutoUpdateSetup Script in the upper right pane. Or, download the script from:

    http://esp-download.trendmicro.com/download/cpm/CPMAutoUpdateSetup2_1.0.8.0.exe
    Note the following recommendations for the Automatic Update Setup Script:
    • Do not give the operator account administrative rights on any endpoints.
    • Do not change the default values supplied by the script.
    • Enable automatic updates on the server to make the latest pattern versions available to endpoints.
    • Run the script before you proceed to the next steps. The script automatically sets a flag on the server. After the flag is set, the Set ActiveUpdate Server Pattern Update Interval policy action that is configured in Step 2 will send a manifest of the latest available pattern updates to CPM endpoints.
    • If you want to prevent endpoints from updating pattern files, use the Disable Automatic Updates - Server Task.

  2. Issue a "Set ActiveUpdate Server Pattern Update Interval" Task.
    Note: The setup process of automatic updates will not download a new pattern-set. That action is still managed by the Set ActiveUpdate Server Pattern Update Interval task.

    A policy action of that task might exist and the most recent pattern-set might have been downloaded before the automatic updates setup procedure. In that situation, a new pattern-set will not be available for automatic updates until the next set is downloaded from the Trend ActiveUpdate Server.

    Because of its caching behavior, the Trend CPM Server component downloads only new content from the Trend ActiveUpdate Server. To start an immediate download of the latest pattern-set to use in automatic updates:

    1. Clear the CPM Server Component download cache - Delete the contents of the folder
      C:\Program Files\Trend Micro\Core Protection Module Server\download.
    2. Configure a periodic policy action and deploy the action from the task Core Protection Module - Set ActiveUpdate Server Pattern Update Interval.

  3. Issue an "Apply Automatic Updates" Task.
    This policy action monitors the latest pattern file versions and applies them to endpoints with automatic updates enabled. Target this action at all computers and set it with the following parameters:
    • Reapply whenever relevant.
    • Reapply an unlimited number of times.
    • Set to never expire.
    • Try again up to 99 times on failure.
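
The following PowerShell script is an added example, not part of the Trend Micro documentation. It covers two points of the procedure above: because the direct download URL in Step 1 is plain HTTP, it checks the Authenticode signature of the downloaded setup script before you run it, and it optionally empties the download cache folder named in Step 2. The installer location and the expected signer string are assumptions; confirm the signer against the certificate shown in the file's properties.

```powershell
# Added example: pre-run check for the setup script (Step 1) and
# optional download-cache clear (Step 2). Run on the BigFix/CPM server.
param(
    # Assumption: where the downloaded setup script was saved.
    [string]$Installer = "$env:USERPROFILE\Downloads\CPMAutoUpdateSetup2_1.0.8.0.exe",
    # Assumption: substring expected in the signing certificate subject.
    [string]$ExpectedSigner = 'Trend Micro',
    # Cache folder as given in Step 2 of the procedure.
    [string]$CacheDir = 'C:\Program Files\Trend Micro\Core Protection Module Server\download',
    # Pass -ClearCache to also empty the download cache.
    [switch]$ClearCache
)

$ErrorActionPreference = 'Stop'

if (-not (Test-Path -LiteralPath $Installer -PathType Leaf)) {
    throw "Installer not found: $Installer"
}

# A file fetched over HTTP can be altered in transit; require a valid
# signature chain before the file is executed with administrator rights.
$sig = Get-AuthenticodeSignature -LiteralPath $Installer
if ($sig.Status -ne 'Valid') {
    throw "Signature status is '$($sig.Status)': $($sig.StatusMessage)"
}
if ($sig.SignerCertificate.Subject -notlike "*$ExpectedSigner*") {
    throw "Unexpected signer: $($sig.SignerCertificate.Subject)"
}

# Record the hash so the exact binary that was run can be identified later.
$hash = (Get-FileHash -LiteralPath $Installer -Algorithm SHA256).Hash
Write-Output "Signature valid. Signer: $($sig.SignerCertificate.Subject)"
Write-Output "SHA256: $hash"

if ($ClearCache) {
    if (-not (Test-Path -LiteralPath $CacheDir -PathType Container)) {
        throw "Cache folder not found: $CacheDir"
    }
    # Delete the folder's contents but keep the folder itself.
    Get-ChildItem -LiteralPath $CacheDir -Force | Remove-Item -Recurse -Force
    Write-Output "Cleared contents of $CacheDir"
}
```

Run it from an elevated PowerShell prompt; a thrown error means the file should not be executed until the cause is understood.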