CAS can run antivirus engines from multiple sources, including Kaspersky, McAfee, Sophos, and Cylance (this last product is not technically an antivirus product). These products need to contact with several of the Blue Coat (*.es.bluecoat.com) back end servers to see if there are any updates to the Patterns available.
Note: To ensure that these updates are retrieved without issue, Symantec (Blue Coat) recommends that Content Analysis be allowed to reach that destination on ports 80 and 443 without authentication, SSL interception, or firewall interruption.
In contrast to ProxyAV, where the update frequency for the AV Engine Patterns can be manually configured, the Content Analysis System (CAS) maintains the update interval at 5 minutes. This is hard·coded and cannot be changed.
As a workaround for this limitation, update checks can be forced by going to:
For more information on how to manually trigger an AV update on CAS, please read Can the AV pattern update interval be manually configured on the Content Analysis System?