9.4.2. Manual installation of a signature update

9.4.2.1. Introduction

This procedure describes the various options for updating the signature files of the solution's detection engines.

Updates can be triggered:

either scheduled.

This schedule is programmed in the GUM configuration (see `Admin- GUM - Config` screen of the legacy Web UI).

In this case, the `Updates` screen provides information on the last scheduled installation.
Or manually.

In this case, it is necessary to load a package from the remote PC onto the GBox and then trigger the installation of this package.

In this case, the `Updates` screen shows information about this installation.

Important

It is not possible to update in manual mode if the online mode is configured.

Note

See the presentation described in the Updates to detection signatures and/or anti-virus engines section

The graphical interface is described in the `Admin- GUM - Updates` screen of the legacy Web UI paragraph.

Note

If necessary, configure a proxy (see the Configuring a proxy procedure).

9.4.2.2. Prerequisites

User: member of Administrators Group

9.4.2.3. Preliminary operations

Connect to the GBox via a browser (see Connection to the web interface via a browser).
Download a .gwp file from https://update.gatewatcher.com/update/<version_gbox>/gbox/

Note

Files with names ending in "v3.gwp" such as latest_malcore_v3.gwp or latest_full_v3.gwp are for V101.

The other files (latest_full.gwp, latest_malcore.gwp, ...) concern version 100 of the GBox.

9.4.2.4. Procedure for accessing the `Admin/GUM/Updates` screen window

In the navigation bar, click on the `Updates` command in the `GUM` menu.

The following screen is displayed:

9.4.2.5. Procedure for updating signature files in manual mode

Click on the `Browse` button (4) and select the previously downloaded package
Validate the command.

The button displays `Please wait...`.

The progress bar in the `Reading the gwp file` field starts to advance. This means that the file has been downloaded and the system is checking its integrity.
Wait for the message `The last gum operation was made with success` to appear.

The progress bar in the `Updating malcore` field begins to progress. This corresponds to the processing of the Malcore engine files.
Wait for the message `The last gum operation was made with success` to appear.

The progress bar in the `Updating sandbox` field starts to move: this corresponds to the processing of updates to signatures and modules used by the sandbox.
Wait for the message `The last gum operation was made with success` to appear.

9.4.2.6. Procedure for checking that Gmalcore engines are in good condition

In the navigation bar, click on the `Analysers` command.

Click on command (3) `Config`.

The following screen is displayed.

Look for a message in zone (1).
In the case of a message of the type `x engine(s) have failed to update`, check the status of the installed engines (column (2)).

Engines whose status is red in column (2) are not in PRODUCTION status.

Some engines take a long time to update and are still in DOWNLOADED status.
Wait for the update to finish and for all the engines to be OK (PRODUCTION status).

If one of the engines is still not OK then it is necessary to restart the Gmalcore services.

To do this see Malcore engine service access procedure.
If this does not fix the problem then reinstall the Gmalcore services.

To do this see Malcore engine service access procedure.