9.4.2. Manual installation of a signature update
9.4.2.1. Introduction
This procedure describes the various options for updating the signature files of the solution's detection engines.
Updates can be triggered:
- either scheduled.This schedule is programmed in the GUM configuration (see `Admin- GUM - Config` screen of the legacy Web UI).In this case, the
`Updates`
screen provides information on the last scheduled installation. - Or manually.In this case, it is necessary to load a package from the remote PC onto the GBox and then trigger the installation of this package.In this case, the
`Updates`
screen shows information about this installation.Important
It is not possible to update in manual mode if the online mode is configured.
Note
See the presentation described in the Updates to detection signatures and/or anti-virus engines section
The graphical interface is described in the `Admin- GUM - Updates` screen of the legacy Web UI paragraph.
Note
If necessary, configure a proxy (see the Configuring a proxy procedure).
9.4.2.2. Prerequisites
User: member of Administrators Group
9.4.2.3. Preliminary operations
Connect to the GBox via a browser (see Connection to the web interface via a browser).
Download a .gwp file from https://update.gatewatcher.com/update/<version_gbox>/gbox/
Note
Files with names ending in "v3.gwp" such as latest_malcore_v3.gwp or latest_full_v3.gwp are for V101.The other files (latest_full.gwp, latest_malcore.gwp, ...) concern version 100 of the GBox.
9.4.2.4. Procedure for accessing the `Admin/GUM/Updates`
screen window
- In the navigation bar, click on the
`Updates`
command in the`GUM`
menu.The following screen is displayed:
9.4.2.5. Procedure for updating signature files in manual mode
Click on the
`Browse`
button (4) and select the previously downloaded package- Validate the command.The button displays
`Please wait...`
.The progress bar in the`Reading the gwp file`
field starts to advance. This means that the file has been downloaded and the system is checking its integrity. - Wait for the message
`The last gum operation was made with success`
to appear.The progress bar in the`Updating malcore`
field begins to progress. This corresponds to the processing of the Malcore engine files. - Wait for the message
`The last gum operation was made with success`
to appear.The progress bar in the`Updating sandbox`
field starts to move: this corresponds to the processing of updates to signatures and modules used by the sandbox. Wait for the message
`The last gum operation was made with success`
to appear.
9.4.2.6. Procedure for checking that Gmalcore engines are in good condition
In the navigation bar, click on the
`Analysers`
command.
- Click on command (3)
`Config`
.The following screen is displayed.
Look for a message in zone (1).
- In the case of a message of the type
`x engine(s) have failed to update`
, check the status of the installed engines (column (2)).Engines whose status is red in column (2) are not in PRODUCTION status.Some engines take a long time to update and are still in DOWNLOADED status. Wait for the update to finish and for all the engines to be OK (PRODUCTION status).
- If one of the engines is still not OK then it is necessary to restart the Gmalcore services.To do this see Malcore engine service access procedure.
- If this does not fix the problem then reinstall the Gmalcore services.To do this see Malcore engine service access procedure.