Updating application databases and modules

Updating the databases and application modules of Kaspersky Embedded Systems Security ensures up-to-date protection on your device. New viruses, malware, and other types of threats appear worldwide on a daily basis. Kaspersky Embedded Systems Security databases contain information about threats and ways of neutralizing them. To detect threats quickly, you are urged to regularly update the application databases and modules.

The following objects are updated on users' devices:

• Application databases. Application databases include databases of malware signatures, a description of network attacks, databases of malicious and phishing web addresses, databases of banners, spam databases, and other data.
• Application modules. Module updates are intended to eliminate vulnerabilities in the application and to improve methods of protecting devices. Module updates may change the behavior of application components and add new capabilities.

Kaspersky Embedded Systems Security supports the following scenarios for updating databases and application modules:

• Update from Kaspersky servers. Kaspersky update servers are located in different countries around the world, which ensures a high reliability of updates. If an update cannot be performed from one server, Kaspersky Embedded Systems Security switches over to the next server.
• Centralized update Centralized update reduces external Internet traffic, and provides for convenient monitoring of the update.

  Centralized update consists of the following steps:

  1. Download the update package to a repository within the organization's network.

     The update package is downloaded to the repository by the Download updates to Administration Server repository task of the Administration Server.

  2. Distribute the update package to client devices

     The update package is distributed to the client devices by the Update task of Kaspersky Embedded Systems Security. You can create an unlimited number of update tasks for each administration group.

For the Web Console, by default, the list of update sources contains Kaspersky update servers and Kaspersky Security Center Administration Server. For the Kaspersky Security Center Cloud Console, the default list of update sources contains distribution points and Kaspersky update servers. For more details about distribution points, refer to Kaspersky Security Center Cloud Console documentation.

You can add other update sources to the list. You can specify FTP-, HTTP-, or HTTPS servers as update sources. If an update cannot be performed from an update source, Kaspersky Embedded Systems Security switches to the next update source.

Updates are downloaded from Kaspersky update servers or from other FTP, HTTP, or HTTPS servers over standard network protocols. If connection to a proxy server is required to access the update sources, specify the proxy server settings in the Kaspersky Embedded Systems Security policy settings.

Updating from the Administration Server repository

To save Internet traffic, you can configure updates of application databases and modules on devices on the organization's LAN from a server repository. To do this, in Kaspersky Security Center you need to configure downloading the update package from Kaspersky update servers in the Administration Server repository. Other devices on the organization's LAN will be able to receive the update package from the server repository.

Configuring application database and module updates from the server repository consists of the following steps:

1. Download application databases and modules to the Administration Server repository using the Download updates to the Administration Server repository task of Kaspersky Security Center.
2. Configure updates of application databases and modules from the Administration Server repository on the remaining hosts using the Update task.

To configure updates of application databases and modules from the Administration Server repository:

1. In the main window of Web Console, select Devices → Tasks.

   The list of tasks opens.

2. In the list of tasks, select the Update task for Kaspersky Embedded Systems Security and click the link with the task name to open the task properties window.

   The Update task is created automatically by the Web Console Initial Setup Wizard. To create the Update task, install Kaspersky Embedded Systems Security web plug-in while running the Wizard.

3. In the task properties window, select the Application settings tab.
4. In the list on the left, select the Database update source section.

   The task settings are displayed in the right part of the window.

5. In the Database update source section, select the Kaspersky Security Center Administration Server option.
6. Select the Use Kaspersky update servers if other update sources are not available check box if you want to the Update task to use Kaspersky update servers if the Administration Server repository is unavailable.
7. Click Save.

Updating using Kaspersky Update Utility

To reduce Internet traffic, you can configure updates of application databases and modules on devices of the organization's LAN from a shared directory by using the Kaspersky Update Utility. For this purpose, one of the devices in the organization's LAN must receive update packages from the Kaspersky Security Center Administration Server or from Kaspersky update servers and use the utility to copy the received update packages to the shared directory. Other devices on the organization's LAN will be able to receive the update package from this shared directory.

Configuring application database and module updates from a shared directory consists of the following steps:

1. Install Kaspersky Update Utility on one of the devices of the organization's LAN.
2. Configure copying of the update package to the shared directory in the Kaspersky Update Utility settings.
3. Configure application database and module updates from the specified shared directory to the remaining devices on the organization's LAN.

You can download the Kaspersky Update Utility distribution kit from the Kaspersky Technical Support website. After installing the utility, select the update source (for example, the Administration Server repository) and the shared directory to which the Kaspersky Update Utility will copy update packages. For detailed information about using Kaspersky Update Utility, refer to the Kaspersky Knowledge Base.

To configure updates from a shared directory:

1. In the main window of Web Console, select Devices → Tasks.

   The list of tasks opens.

2. In the list of tasks, select the Update task for Kaspersky Embedded Systems Security and click the link with the task name to open the task properties window.

   The Update task is created automatically by the Web Console Initial Setup Wizard. To create the Update task, install Kaspersky Embedded Systems Security web plug-in while running the Wizard.

3. In the task properties window, select the Application settings tab.
4. In the list on the left, select the Database update source section.

   The task settings are displayed in the right part of the window.

5. In the Database updates source section, select the Other sources on the local or global network option.
6. In the table of update sources, click the Add button.
7. In the Update source field, specify the path to the shared directory.

   The source address must match the address indicated in the Kaspersky Update Utility settings.

8. Select the Use this source check box and click OK.
9. In the table, set the order of the update sources using the Up and Down buttons.
10. Click Save.

Using a proxy server for updates

You may be required to specify proxy server settings to download database and application module updates from the update source. If there are multiple update sources, proxy server settings are applied for all sources. If a proxy server is not needed for some update sources, you can disable the use of a proxy server in Kaspersky Embedded Systems Security policy settings. The application will also use a proxy server to access Kaspersky Security Network and activation servers.

To enable use of a proxy server for a specific administration group:

1. In the main window of the Web Console, select the Devices → Policies and profiles tab.
2. In the list of policies, select the Kaspersky Embedded Systems Security policy for the administration group on whose devices you want to disable the use of a proxy server. Click the link with the policy name to open the policy properties window.
3. In the policy properties window, select the Application settings tab.
4. Select the General settings → Proxy server settings section.
5. In the Proxy server settings section, select the Use specified proxy server settings and specify the required proxy server settings.
6. Click OK.
7. Click Save.