Product updates and upgrades
Advanced EDR is a cloud-based managed service that does not require network administrators to perform maintenance on the back-end infrastructure that supports it. However, administrators do need to update the client software installed on the computers on the network, and launch upgrades of the management console, when required.
Updatable modules in the client software
The components installed on user computers are these:
The update procedure and options vary depending on the operating system of the device to update, as indicated in Update procedures based on the client software component.
Module | Platform | ||
---|---|---|---|
Windows | macOS | Linux | |
Cytomic agent |
On demand |
||
Advanced EDR protection |
Configurable |
Configurable |
Configurable |
Signature file |
Enable/Disable |
Enable/Disable |
Enable/Disable |
- On demand: You can launch the update when you want, provided there is an update available, or postpone it for as long as you want.
- Configurable: You can configure update windows for future and recurrent updates, and disable them as well.
- Enable/Disable: You can enable and disable updates. If updates are enabled, they will run automatically when they are available.
- No: You cannot influence the update process. Updates run as soon as they are available, and you cannot disable them.
Protection engine updates
To configure protection engine updates, you must create and assign a Per-computer settings profile. To do this, select Settings in the top menu. In the left menu, select Per-computer settings.
Limits to downloading engine updates from cache and Cytomic proxy computers
You can download protection engine updates directly from the Internet or through a cache or Cytomic proxy computer. See Configuring downloads from cache computers and Configuring proxies lists for Internet access.
There are limitations to using one method or another, depending on the computer operating system:
- Computers with a Windows or macOS operating system: They can download installation packages from cache computers, proxy computers, and the Internet.
- Computers with a Linux operating system: They use the distribution’s own package manager to perform downloads. Therefore, they cannot download installation packages through a cache or Advanced EDR proxy computer.
Cache computers store installation packages until they are no longer valid, at which time they are deleted.
Updates
To enable automatic updates of the Advanced EDR protection module, click the Automatically update Advanced EDR on devices toggle. This enables all other configuration options on the page. If this option is disabled, the protection module will never be updated.
We recommend that you do not disable protection engine updates. A computer with out-of-date protection becomes more vulnerable to malware and advanced threats over time.
Running updates at specific time intervals
Configure these parameters for computers to run updates at specific time intervals:
- Start time
- End time
To run updates at any time, select Anytime.
Running updates on specific days
Use the drop-down menu to specify the days on which updates should be run:
- Any day: The updates will run when they are available. This option does not link Advanced EDR updates to specific days.
- Days of the week: Use the checkboxes to select the days of the week on which the Advanced EDR updates will run. If an update is available, it will run on the first day of the week that matches your selection.
- Days of the month: Use the drop-down menus to set a range of days of the month for the Advanced EDR updates to take place. If an update is available, it will run on the first day of the month that matches your selection.
- On the following days: Use the drop-down menus to set a specific date range for the Advanced EDR updates. This option enables you to select update intervals that will not repeat over time. After the specific date range, no updates will be run. This option forces you to constantly establish a new update interval as soon as the previous one expires.
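The following is an added example, not Cytomic code or a Cytomic API. It models the day options above to show how long an available update can wait before it is allowed to run, and which profiles will never update again. The `UpdateProfile` fields and the function names are hypothetical, the dates are constructed, and the time-of-day window is not modelled.

```python
from dataclasses import dataclass
from datetime import date, timedelta
from typing import Optional, Tuple

@dataclass
class UpdateProfile:
    """Hypothetical model of the update options above (not a Cytomic API)."""
    auto_update: bool = True
    day_mode: str = "any"                  # any | weekdays | month_days | date_range
    weekdays: frozenset = frozenset()      # 0 = Monday ... 6 = Sunday
    month_days: Tuple[int, int] = (1, 31)  # inclusive range of days of the month
    date_range: Optional[Tuple[date, date]] = None  # inclusive, does not repeat

def day_allowed(p, d):
    """True if the profile lets the protection update run on day d."""
    if not p.auto_update:
        return False                       # toggle off: the module is never updated
    if p.day_mode == "weekdays":
        return d.weekday() in p.weekdays
    if p.day_mode == "month_days":
        return p.month_days[0] <= d.day <= p.month_days[1]
    if p.day_mode == "date_range":
        return p.date_range is not None and p.date_range[0] <= d <= p.date_range[1]
    return True                            # "Any day"

def first_run_day(p, available, horizon=366):
    """First permitted day on or after the day an update becomes available."""
    for offset in range(horizon):
        d = available + timedelta(days=offset)
        if day_allowed(p, d):
            return d
    return None                            # never permitted within the horizon

def audit(p, available):
    """Findings a reviewer would raise for this profile."""
    findings = []
    if not p.auto_update:
        findings.append("automatic updates disabled")
    elif p.day_mode == "date_range" and (p.date_range is None or p.date_range[1] < available):
        findings.append("date range expired: no further updates will run")
    run = first_run_day(p, available)
    if run is not None and run > available:
        findings.append(f"update delayed {(run - available).days} day(s)")
    return findings

if __name__ == "__main__":
    # Constructed sample: Saturday-only updates, update released on a Wednesday.
    saturdays = UpdateProfile(day_mode="weekdays", weekdays=frozenset({5}))
    print(audit(saturdays, date(2024, 5, 15)))
```

Running the audit against every Per-computer settings profile after a release shows which groups of computers stay on the old protection version and for how long.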
Computer restart
Advanced EDR enables you to define a logic for computer restarts, if needed, through the drop-down menu at the bottom of the settings page:
- Do not restart automatically: A restart dialog box on the target computer prompts the user to restart the computer. The dialog box continues to open until the computer restarts.
- Automatically restart workstations only.
- Automatically restart servers only.
- Automatically restart both workstations and servers.
Communications agent updates
The Cytomic agent is updated on demand. Advanced EDR shows a notification in the management console every time a new agent version is available. After that, you can launch the update whenever you want.
Updating the Cytomic agent does not require restarting users’ computers. These updates usually contain changes and improvements to the management console to facilitate security management.
Limits to downloading communications agent updates from cache and Cytomic proxy computers
You can download communications agent updates directly from the Internet or through a cache or Cytomic proxy computer. See Configuring downloads from cache computers and Configuring proxies lists for Internet access.
There are limitations to using one method or another, depending on the computer operating system:
- Computers with a Windows or macOS operating system: They can download installation packages from cache computers, proxy computers, and the Internet.
- Computers with a Linux operating system: They use the distribution’s own package manager to perform downloads. Therefore, they cannot download installation packages through a cache or Cytomic proxy computer.
Cache computers store installation packages until they are no longer valid, at which time they are deleted.
Knowledge updates
To configure updates of the Advanced EDR signature file, you must edit the security settings of the device type in question.
Knowledge downloads from cache and Cytomic proxy computers
Computers with a Windows, macOS, or Linux operating system can download knowledge directly from the Internet or through a cache or Cytomic proxy computer.
Cache computers store signature files until they are no longer valid, at which time they are deleted.
Windows, Linux, and macOS devices
In the top menu, select Settings. In the left menu, select Workstations and servers.
Go to General. These options are shown:
- Automatic knowledge updates: Enable or disable signature file downloads. If you clear this option, the signature file will never be updated.
We recommend that you do not disable automatic knowledge updates. A computer with out-of-date protection becomes more vulnerable to malware and advanced threats over time.
Management console upgrades
Network administrators can choose when to start the process of upgrading the management console on the Cytomic servers. Otherwise, Cytomic automatically upgrades the management console to the latest available version.
To carry out this operation, the user account that accesses the web console must have the Full Control role. See Full Control role.
Considerations prior to upgrading the console version
Although this is a process that takes place entirely on the Cytomic servers, upgrading the console version can push new versions of the security software to customer computers. This can result in traffic loads and the need to restart the computers on the network in some cases. To reduce traffic during upgrades, see “Configuring downloads from cache computers”.
Console upgrades are transparent to administrators. They do not affect the console operation. When the process completes, the console closes automatically. When you log in again, you access the upgraded version of the console.
Starting the management console upgrade
- In the upper-right corner of the top menu, click the Web notifications icon. The unread notifications appear.
- If there is a console upgrade available, a message entitled New management console version is shown, along with the New features and improvements link, the version to which the console will be upgraded, and the Upgrade console now button. This type of notification cannot be deleted, as it does not show the icon. See Web notifications icon.
  The Upgrade console now button is shown only if the user account used to access the management console has the Full Control role assigned to it.
- After you click the button, the upgrade request is queued on the server, waiting to be processed. The maximum time the request remains queued on the server is 10 minutes.
- After the request has been processed, the upgrade process starts and the notification shows the text Upgrade in progress. If any user account tries to log in to the console, access is denied. For the duration of the upgrade process, you cannot log in to the management console.
- After some time, which depends on the number of managed computers and the data stored on the console, the upgrade process finishes.
Canceling the upgrade
- After the upgrade process has started, click the Web notifications icon in the upper-right corner of the top menu. The unread notifications appear.
- If a console upgrade exists in the request queue that has not started yet, a message entitled New management console version is shown, along with the New features and improvements link and the Cancel upgrade button.
- To remove the upgrade request from the queue, click the Cancel upgrade button. The button disappears and the Upgrade console now button is shown again.