Updating the protection definitions

By default, all protection agents can connect to the Internet and download updates for the following components:

  • Antimalware
  • Vulnerability assessment
  • Patch management

Agents with the Updater role

An administrator can minimize the network bandwidth traffic by selecting one or more protection agents in the environment and assigning the Updater role to them. Thus, the dedicated agents will connect to the Internet and download updates. All other agents will connect to the dedicated updater agents by using peer-to-peer technology, and then download the updates from them.

The agents without the Updater role will connect to the Internet if there is no dedicated updater agent in the environment, or if the connection to a dedicated updater agent cannot be established for about five minutes.

Before assigning the Updater role to an agent, ensure that the machine on which the agent runs is powerful enough, and has a stable high-speed Internet connection and enough disk space.

You can assign the Updater role to multiple agents in the environment. Thus, if an agent with the Updater role is offline, other agents with this role can serve as a source of updated protection definitions.

The following diagram illustrates the options for downloading protection updates. To the left, an agent is assigned the Updater role. That agent connects to the Internet to download the protection updates, and its peer agents connect to the Updater agent to obtain the latest updates. To the right, no agent is assigned the Updater role, so all agents connect to the Internet to download protection updates.

To prepare a machine for the Updater role

  1. On the machine where an agent with the Updater role will run, apply the following firewall rules:

    • Inbound (incoming) "updater_incoming_tcp_ports": allow connection to TCP ports 18018 and 6888 for all firewall profiles (public, private, and domain).

    • Inbound (incoming) "updater_incoming_udp_ports": allow connection to UDP port 6888 for all firewall profiles (public, private, and domain).

  2. Restart the Acronis Agent Core Service.

  3. Restart the Firewall Service.

If you do not apply these rules and the firewall is enabled, peer agents will download the updates from the cloud.

To assign the Updater role to an agent

  1. In the Cyber Protect console, go to Settings > Agents.
  2. Select the machine with the agent to which you want to assign the Updater role.
  3. Click Details, and then enable the Use this agent to download and distribute patches and updates switch.