2.2.3. Update signatures and/or engines (update)

Updates apply to GCenter and GCap.

There are several types of update packages:

• malcore package: this package contains only engine and antivirus database updates used by Malcore

• dga package: this package contains updates to the gdgadetect engine

• cti package: this package contains CTI engine updates

• sigflow package: this package contains only Sigflow engine and rule base updates

• full package (full): this package is the sum of the previous packages

These packages can be installed as follows:

• Update Manual

• Update automatic

---

2.2.3.1. Update Manual

The manual update is suitable for isolated environments.

The administrator must first manually download the update packages to an administration workstation and then upload them to the GCenter via the web interface.

Note

The cti.gwp package is updated hourly on update.gatewatcher.com The other packages dga.gwp, malcore.gwp, sigflow.gwp, and full.gwp are updated daily.

In this case, the GUI to be used is described in `Admin-GUM- Threat DB update` screen of the legacy web UI.

For manual installation, see Manual installation of an update of signatures and/or anti-viral engines (update).

---

2.2.3.2. Update automatic

They can be carried out in different ways according to the needs of the information system:

• Update Online

• Update Local

This schedule must be configured.

This configuration is described in paragraph GUM Setup.

The GUI to be used is described in ../../05_GUI_presentation/05_2_interface_presentation.

For planning implementation, refer to Configuring automatic update via GUM.

---

2.2.3.2.1. Update Online

The Online update automates updates and reduces administration tasks.

Updates are done automatically from https://update.gatewatcher.com/ and https://gupdate.GATEWATCHER.com.

Note

In the case of scheduled Online mode, the schedule only applies to the Sigflow engine.

Engine updates Malcore are performed every 24 hours.

---

2.2.3.2.2. Update Local

In order to meet specific security constraints, the GCenter is able to fetch its updates from a local repository.

The steps for setting up a local repository are as follows:

• Prerequisites: a listening web server on port 80

• Create the following tree structure: "2.5.3.10X/GCenter" according to the GCenter version (2.5.3.102).

  In the following configuration example, this tree should be created at the root of the server.

• Retrieve gwp files (cti.gwp, dga.gwp, malcore.gwp, sigflow.gwp for the 2.5.3.102) on https://update.gatewatcher.com/update/

• In "2.5.3.10X/GCenter", put the previously recovered gwp files

• In "2.5.3.10X/GCenter", put the files . sha256 corresponding to the files above

Note

The cti.gwp package is updated hourly on update.gatewatcher.com The other packages dga.gwp, malcore.gwp, sigflow.gwp are updated every day. It is not possible to download the full.gwp file in automatic mode

Note

Before a version upgrade, it is strongly recommended to update the local repository tree by adding a folder with the name of the new version.

If this is not the case, the equipment will no longer be able to update and this will cause errors during automatic updates.

---