Pattern Updates
Several components are involved in the routine task of updating
the pattern files:
- CPM server components include:
  - Proxy Settings
  - TMCPMAuHelper.exe
  - TrendMirrorScript.exe
- Pattern Update Wizard
- Pattern-set Loading via Manifest.json
- BESAgent.exe (for dynamic download requests for pattern-sets)
- TMMPMAuUpdater.exe (for request and application of pattern-sets)
General
- The default ActiveUpdate server (for pattern updates) appears
in the BigFix Server registry:
HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\CPMsrv\ServerUpdateSource\DefaultAUServer
- The default ActiveUpdate server URL for CPM for Mac version 2.0:
http://cpm-p.activeupdate.trendmicro.com/activeupdate
- CPM server - Check that the server exists in the Windows Registry:
HKEY_LOCAL_MACHINE\SOFTWARE\BigFix\CPM\server
- CPM server - If the automatic update Task is successful, the CPM
site will exist in the bfsites directory:
<%Program Files%>\BigFix Enterprise\BES Server\wwwrootbes\bfsites\CustomSite_FileOnlyCustomSite_CPMAutoUpdate_0_1
- CPM for Mac client - After automatic updates are enabled on the
client, the CPM site will exist in the IBM BigFix subscribed
sites directory:
<%Program Files%>\BigFix Enterprise\BES Client\__BESData\CustomSite_FileOnlyCustomSite_CPMAutoUpdate
- Check for pattern updates on the CPM server. From the CPM Dashboard,
click Update/Rollback Patterns > Create Pattern Update/Rollback
Task to open the Pattern Update and Rollback Wizard.
- If there are no new updates, inspect the Task Core Protection Module - Set ActiveUpdate Server Pattern Update Interval.
- If the Task was run but the updates are not working properly, check the Action or the BigFix Agent logs on the BigFix Server.
- Check the BigFix Server to confirm whether pattern updates are being received as expected:
<%Program Files%>\BigFix Enterprise\BES Server\wwwrootbes\cpm\patterns
- Check the TrendMirrorScript.exe logs from:
<%Program Files%>\BigFix Enterprise\TrendMirrorScript\logs
- Confirm that older pattern files are still on the BigFix Server (by default, a reserve of 15 patterns is retained).
Automatic Pattern Updates
- Check the BigFix Console to verify whether any CPM servers require action for Core Protection Module > Warnings.
- Check on the BigFix Server that the Task, Core Protection Module - Set ActiveUpdate Server Pattern Update Interval has been created and run. This task must be set to automatically reapply at a frequent interval (often, hourly), and it must not be restricted in any way that would conflict with the action.
- Check on the BigFix Server that the Task, Core Protection Module - Apply Automatic Updates has been run and that the Action has successfully completed.
- On the CPM Server, the user account must be in place for the propagation
site. The PropagateManifest registry key must be set to 1.
  - For 32-bit endpoints:
    HKEY_LOCAL_MACHINE\SOFTWARE\BigFix\CPM\server
  - For 64-bit endpoints:
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BigFix\CPM\server
/Library/Preferences/com.bigfix.BESAgent.plist
Proxy Servers
If there is a proxy server between the BigFix Server and the Internet, two separate configurations are necessary:
- The BigFix Server proxy authentication settings: Used by the BESGather service, and typically set during the BigFix Server install. For more information, see the Knowledge Base article: http://support.bigfix.com/cgi-bin/kbdirect.pl?id=231
- CPM Server component proxy authentication settings: Used by the
update program, TMCPMAuHelper.exe. Set or check this from Endpoint Protection > Core Protection Module > Configuration > ActiveUpdate Server Settings > ActiveUpdate Server Settings Wizard.
If the latest pattern file already exists on the CPM Server,
you must perform the following manual steps to continue testing.
- Locate and delete the following folder:
%CPM_SERVER_INSTALL_FOLDER%\bin\AU_Data
- Delete all files and any subfolders from this directory (but not
the folder itself):
%CPM_SERVER_INSTALL_FOLDER%\download
- From Endpoint Protection > Core Protection Module > Updates > Automatic Update Tasks, run the Core Protection Module - Set ActiveUpdate Server Pattern Update Interval Task.
Client-Side Logging: ActiveUpdate
- On the CPM for Mac client, create or locate and open the following
text file:
/Library/Application Support/TrendMicro/common/lib/AUlib/aucfg.ini
- Add or change the following parameter:
[debug]
level=-1
- Save and close the file.
- Log output will be saved here:
/Library/Application Support/TrendMicro/common/lib/AUlib/AU_Data/AU_Log/TmuDump.txt
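The "create or locate, then add or change" steps above can be scripted so that repeated runs leave the file unchanged. The following is an added example, not vendor code: the function names set_au_debug and get_au_debug are hypothetical, and it assumes the AUlib directory already exists and that aucfg.ini uses plain [section] / key=value lines.

```sh
#!/bin/sh
# Added example (not vendor code); function names are hypothetical.
# Default path is the aucfg.ini location given in the steps above.
AUCFG="/Library/Application Support/TrendMicro/common/lib/AUlib/aucfg.ini"

# set_au_debug [FILE] [LEVEL]: ensure "[debug]" contains "level=LEVEL".
set_au_debug() {
    cfg=${1:-$AUCFG}
    level=${2:--1}
    [ -f "$cfg" ] || : > "$cfg" || return 1       # "create or locate"
    tmp=$(mktemp "${cfg}.XXXXXX") || return 1
    if awk -v lvl="$level" '
        # Write the key when leaving [debug] (or at EOF) without one.
        function emit() { if (in_debug && !done) { print "level=" lvl; done = 1 } }
        /^[ \t]*\[/ {
            emit()
            in_debug = ($0 ~ /^[ \t]*\[debug\][ \t]*$/)
            if (in_debug) seen = 1
            print; next
        }
        # Replace the first level= line in [debug]; drop any duplicates.
        in_debug && /^[ \t]*level[ \t]*=/ { emit(); next }
        { print }
        END { emit(); if (!seen) { print "[debug]"; print "level=" lvl } }
    ' "$cfg" > "$tmp"; then
        # Copy the contents back so the original owner and mode are kept.
        cat "$tmp" > "$cfg"; rc=$?
    else
        rc=1
    fi
    rm -f "$tmp"
    return "$rc"
}

# get_au_debug [FILE]: print the current level= value from [debug], if any.
get_au_debug() {
    awk '
        /^[ \t]*\[/ { in_debug = ($0 ~ /^[ \t]*\[debug\][ \t]*$/); next }
        in_debug && /^[ \t]*level[ \t]*=/ { sub(/^[^=]*=[ \t]*/, ""); print; exit }
    ' "${1:-$AUCFG}"
}
```

Calling set_au_debug with no arguments edits the default path; a level= key in any other section is left untouched.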
Additional Files
- Create a manifest file and list of URLs by typing the following
at a command prompt:
TMMPMAuUpdater -pu -m Manifest -f urllist
- Check the file, server.ini, in the following location:
/Library/Application Support/TrendMicro/MPM/download/