Download Operations

The Downloads tab allows you to specify the location from which the files used by the program will be downloaded and refreshed. The files include the scan engines, the news file displayed on the home page, and the deployment information file, as well as download source for the patch and service pack files. The program will check an Internet location or the specified distribution server to determine if newer versions of the files are available.

 

Patch download directory

Displays the location of the patch download directory. This directory is used to store all patches that are downloaded in advance of a patch deployment.

To change the location, click the browse button.

Important! If the directory resides on a network drive be sure to use the UNC naming convention; DO NOT SPECIFY A MAPPED DRIVE.

Using a Remote UNC Share Directory

If desired, you can specify a remote share directory for the patch download directory. In order for this to work, appropriate permissions need to be set on the remote directory. Both the Shavlik Protect console user and the console machine need to be granted access to the download directory. The console user should have read/write permission to the share and the console machine needs read access. When specifying share permissions for a machine, you must append a ”$” to the end of the machine name. For example:

In some configurations additional users may need to be granted access to the download directory. If you specify machine or machine group credentials for machines that download patches from a distribution server, the specified user accounts will require read access to the download directory share.

Making the download directory share readable by everyone may or may not be an effective strategy. It depends on:

  • Whether the credential users and the download directory host belong to the same (or trusted) domain(s)

  • The specifics of the local security policy

Definition download source

You can specify where the latest scan engines and data files downloaded by this console are located. The available options are:

  • Auto-update definitions (before scans): If enabled, will cause the program to automatically check for and download updated data definition files whenever a new scan is performed. Enabling this check box will also enable the Tools > Auto-update definitions menu command.

  • Default (http://xml.shavlik.com): Indicates you want to use the default location when downloading the files. The files are located at http://xml.shavlik.com.

  • Custom share or URL: You must specify the path name of the share or the URL of the Web site that will be used when downloading files. It is the administrator's responsibility to make the files available at this location.

  • Specific Distribution Server: You must select the name of the distribution server that will be used when downloading files. You must have previously configured one or more distribution servers in order for the names to be pre-populated in this box. The newest versions of engines and data files can be periodically downloaded and copied to the distribution servers using the server synchronization feature.

Note: There are unique credential requirements when using a distribution server as the download source. For more information see Configuring Distribution Servers.

Patch and Service Pack download source

You can specify where the latest patch and service pack files downloaded by this console are located. The available options are:

  • Vendor web sites: Patches deployed from the console are downloaded directly from the Web sites of the companies that author the patches. This is the default. The location of the Web sites are stored in the patch information file.

The other two download options are used if this console does not have an Internet connection or when the patches and service packs are being pre-downloaded to some central location.

  • Custom share or URL: If enabled, you must specify the path name of the share or the URL of the Web site that will be used when downloading files. It is the administrator's responsibility to make the files available at this location.

  • Specific Distribution Server: If enabled, you must select the distribution server that will be used when downloading patch files. You must have previously configured one or more distribution servers in order for the names to be pre-populated in this box. For more information see Configuring Distribution Servers.

This option is typically used by unattended console or disconnected console configurations. The patches and service packs are downloaded by a central console, which then pushes the files to the distribution server.

Note: One interesting but necessary side effect of enabling this option is that you will not be able to schedule an automatic synchronization for the distribution server you specify here. Why? Because in this particular case you do not want the console to synchronize with the distribution server. Doing so would cause the contents of the distribution server (the patches and service packs) to be overwritten by the contents of the console (which may not contain anything at all).

Schedule automatic downloads

You can configure the program to automatically download engines and definitions on a regular basis. This can speed your scan processes by making the necessary files available in advance of a scan.

  1. In the box in the Schedule automatic downloads pane, select the component you want to download.

The components that you can choose to download are:

  • Core engines/definitions: The latest versions of the patch scan engine, the asset scan engine, and all XML data files will be downloaded from the download source.

  • Threat engines/definitions: The latest versions of the threat scan engine and all XML data files will be downloaded from the download source.

  1. Click Add.

The Schedule Download dialog appears.

  1. Specify when you want the download to occur.

  2. Click Save.

The new scheduled download entry appears. At the scheduled time, the appropriate engines and definition files will be downloaded to the console.