Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)
Issue/Introduction
Provide steps to enable and disable automatic updates of the Signature Files for the Local Scanner, and to set the frequency and randomization of those updates
Environment
Carbon Black Cloud Console: All Versions
Endpoint Standard (formerly CB Defense)
Carbon Black Cloud Sensor: 2.0.1.x and Higher
Microsoft Windows: All Supported Versions
Resolution
Log into CB Cloud Console
Go to Enforce > Policies
Click on desired Policy name
Click on Local Scan tab
Under Scanner Config section set On Access File Scan Mode to Enabled or Aggressive
Under Signature Updates section set Allow Signature Updates (Enabled/Disabled) to turn automatic updates on or off
Set Frequency (2, 4, 8, 12, 24 hours) to the desired amount of time between checks for, and downloads of, new files
Set Staggered Update Randomization Window (1, 2, 3, 4, 5, 6, 7, 8 hours) to the desired window, so that the Sensors in a Policy do not all attempt to download at the same time
Click Save button to save changes
Additional Information
Best Practice is to set Frequency and Staggered Update Randomization Window to 2 hours and 1 hour, respectively, in order to stay as updated as possible
The steps above only impact one Policy at a time and should be repeated for all desired Policies
Disabling Signature Updates (Allow Signature Updates > Disabled) will stop Sensors in the designated Policy from pulling down updated signature files, and they will begin to show as out-of-date (red triangle) in the Sig column on the Endpoints page one week after disabling unless or until these updates are re-enabled
The Frequency and Staggered Update Randomization Window (sometimes called Jitter Window) settings should be considered together. For example, with Frequency set to 4 hours and Randomization set to 4 hours, a Sensor that has not received updated Signature Files should not be of concern until at least 8 hours have elapsed since the previous update check/install
Automatic Updates should be the primary means of keeping signature files updated
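Added example (not Carbon Black code): a check that applies the Frequency plus Randomization Window reasoning above to an endpoint list, flagging a Sensor only once its last signature update is older than the two settings combined. The policy names, CSV columns, timestamps and hostnames are constructed for illustration and are not a Carbon Black export format.

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Values the console offers for each setting, per the steps above.
ALLOWED_FREQUENCY_H = {2, 4, 8, 12, 24}
ALLOWED_WINDOW_H = set(range(1, 9))

# Constructed policy settings; the policy names are hypothetical.
POLICIES = {
    "Workstations": {"updates": True, "frequency_h": 2, "window_h": 1},
    "Servers": {"updates": True, "frequency_h": 4, "window_h": 4},
    "Lab": {"updates": False, "frequency_h": 24, "window_h": 8},
}

# Constructed inventory; the column names are hypothetical.
INVENTORY_CSV = """hostname,policy,last_sig_update_utc
ws-01,Workstations,2024-05-01T10:30:00
ws-02,Workstations,2024-05-01T08:15:00
srv-01,Servers,2024-05-01T05:00:00
srv-02,Servers,2024-05-01T03:30:00
lab-01,Lab,2024-04-20T00:00:00
"""
NOW = datetime(2024, 5, 1, 12, 0, tzinfo=timezone.utc)  # constructed "current time"


def max_expected_gap(policy):
    """Frequency + Randomization Window: the gap after which a missed update matters."""
    if policy["frequency_h"] not in ALLOWED_FREQUENCY_H:
        raise ValueError(f"Frequency {policy['frequency_h']}h is not a console option")
    if policy["window_h"] not in ALLOWED_WINDOW_H:
        raise ValueError(f"Window {policy['window_h']}h is not a console option")
    return timedelta(hours=policy["frequency_h"] + policy["window_h"])


def classify(inventory_csv, policies, now):
    """Return {hostname: status} for every row of the inventory."""
    results = {}
    for row in csv.DictReader(io.StringIO(inventory_csv)):
        policy = policies.get(row["policy"])
        if policy is None:
            results[row["hostname"]] = "unknown-policy"
        elif not policy["updates"]:
            # Allow Signature Updates is Disabled: staleness is expected here.
            results[row["hostname"]] = "updates-disabled"
        else:
            last = datetime.fromisoformat(row["last_sig_update_utc"]).replace(tzinfo=timezone.utc)
            overdue = now - last > max_expected_gap(policy)
            results[row["hostname"]] = "overdue" if overdue else "ok"
    return results
```

Calling classify(INVENTORY_CSV, POLICIES, NOW) returns the status per hostname; srv-01, last updated 7 hours earlier under the 4 hour / 4 hour policy, is still reported as ok.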