
How to update the malware database of WithSecure Linux Security clients?

homerD2
homerD2 Member Posts: 3 Security Scout

Hello,

I recently installed WithSecure Linux Security 16.00 on Ubuntu 22.04 machines. These Linux VMs are not connected to the internet, they are connected to a Windows Server Policy Manager, which is connected to the internet. On the Policy Manager, I can see my Linux machines. I can also see that they are well connected to the Policy Manager because they receive the last strategies when I change some settings:

But the problem is that those machines don't update their malware database, even when I force the update manually in the "Operation" menu:

So how can I make my machines automatically update their malware database?

Thank you in advance,

Homer.

Best Answer

  • JamesC
    JamesC Staff, Moderator Posts: 551 W/ Moderator
    Solved

    Hi @homerD2 ,

    Yes, correct. You should be receiving updates from Policy Manager.

    Do you recall if the below option was used during LS64 installation?

    In general, the --automatic-updates=none option must not be used when installing LS64 on an endpoint if the endpoint is supposed to be managed by PM (regardless of whether the endpoint has or doesn't have network connectivity to anywhere else than PMS).  

    If this option was specified at installation time, the only way to fix that is to uninstall and reinstall (without using the option).


    Regards

    James

Answers

  • Sethu Laks
    Sethu Laks Staff, Moderator Posts: 285 W/ Moderator
    edited November 8

    Hi @homerD2

    Thank you for reaching out to the WithSecure Community.

    Please make sure you have enabled the automatic updates setting for the updates for all channels. Follow the steps below to enable all automatic database updates from Policy Manager Console.

    In the Standard view of Policy Manager Console:

    1. Select the target domain.
    2. Go to the Settings > Linux > Centralized management page.
    3. Check Enable automated product and security updates
    4. Distribute policy

    For an offline environment, you need to follow the steps as instructed here:

    Using archives to update malware definitions | Policy Manager | 16.00 | WithSecure User Guides

  • homerD2
    homerD2 Member Posts: 3 Security Scout

    Hello Sethu Laks,

    First, thank you for your quick response. The settings you just showed were already applied in my Policy Manager. It was enabled, and configured on "daily" at 7:00 PM. Could it be a network issue? These updates may need a specific port to be opened in order to be possible?

    Also, should I consider my Linux machines to be "offline"? Like I said before, they are not connected to the internet, only to my Policy Manager. But my Policy Manager is connected to the internet, and capable of getting the last updates of the malware databases. My conclusion is that the Linux machines should get the updates from the Policy Manager, right?

    Thank you in advance,

    Homer.

  • homerD2
    homerD2 Member Posts: 3 Security Scout

    Hello James,

    The --automatic-updates=none was used during the installation. I uninstalled and reinstalled without using the option, and it is now working well.

    Thank you to both of you for your help,

    Homer.

