2.2.3. Update signatures and/or engines (update)

Updates apply to GCenter and GCap.

There are several types of update packages:

malcore package: this package contains only engine and antivirus database updates used by Malcore
dga package: this package contains updates to the gdgadetect engine
cti package: this package contains CTI engine updates
sigflow package: this package contains only Sigflow engine and rule base updates
full package (full): this package is the sum of the previous packages

These packages can be installed as follows:

Update Manual
Update automatic

2.2.3.1. Update Manual

The manual update is suitable for isolated environments.

The administrator must first manually download the update packages to an administration workstation and then upload them to the GCenter via the web interface.

Note

The cti.gwp package is updated hourly on update.gatewatcher.com The other packages dga.gwp, malcore.gwp, sigflow.gwp, and full.gwp are updated daily.

In this case, the GUI to be used is described in `Admin-GUM- Threat DB update` screen of the legacy web UI.

For manual installation, see Manual installation of an update of signatures and/or anti-viral engines (update).

2.2.3.2. Update automatic

They can be carried out in different ways according to the needs of the information system:

Update Online
Update Local

This schedule must be configured.
This configuration is described in paragraph GUM Setup.
The GUI to be used is described in `Admin- GUM - Config` screen of the legacy web UI.
For planning implementation, refer to Configuring automatic update via GUM.

2.2.3.2.1. Update Online

The Online update automates updates and reduces administration tasks.

Updates are done automatically from https://update.gatewatcher.com/ and https://gupdate.GATEWATCHER.com.

Note

In the case of scheduled Online mode, the schedule only applies to the Sigflow engine.

Engine updates Malcore are performed every 24 hours.

2.2.3.2.2. Update Local

In order to meet specific security constraints, the GCenter is able to fetch its updates from a local repository.

The steps for setting up a local repository are as follows:

Prerequisites: a listening web server on port 80
Create the following tree structure: "2.5.3.10X/GCenter" according to the GCenter version (2.5.3.102).

In the following configuration example, this tree should be created at the root of the server.
Retrieve gwp files (cti.gwp, dga.gwp, malcore.gwp, sigflow.gwp for the 2.5.3.102) on https://update.gatewatcher.com/update/
In "2.5.3.10X/GCenter", put the previously recovered gwp files
In "2.5.3.10X/GCenter", put the files . sha256 corresponding to the files above

Note

The cti.gwp package is updated hourly on update.gatewatcher.com The other packages dga.gwp, malcore.gwp, sigflow.gwp are updated every day. It is not possible to download the full.gwp file in automatic mode

Note

Before a version upgrade, it is strongly recommended to update the local repository tree by adding a folder with the name of the new version.

If this is not the case, the equipment will no longer be able to update and this will cause errors during automatic updates.