Antivirus (AV) Pattern Updates Frequency on Content Analysis (CAS)

book

Article ID: 169316

calendar_today

Updated On:

Products

Content Analysis Software - CA

Issue/Introduction

CAS can run antivirus engines from multiple sources, including Kaspersky, McAfee, Sophos, and Cylance (this last product is not technically an antivirus product). These products need to contact with several of the Blue Coat (*.es.bluecoat.com) back end servers to see if there are any updates to the Patterns available.

Note: To ensure that these updates are retrieved without issue, Symantec (Blue Coat) recommends that Content Analysis be allowed to reach that destination on ports 80 and 443 without authentication, SSL interception, or firewall interruption.

Resolution

In contrast to ProxyAV, where the update frequency for the AV Engine Patterns can be manually configured, the Content Analysis System (CAS) maintains the update interval at 5 minutes. This is hard·coded and cannot be changed.

As a workaround for this limitation, update checks can be forced by going to:

  1. CAS Management Console > Services tab > AV Patterns.
  2. Press either Update Now or Force Update Now.

For more information on how to manually trigger an AV update on CAS, please read Can the AV pattern update interval be manually configured on the Content Analysis System?