Aurora Endpoint Security

You can use update rules to manage updates of the Aurora Protect Desktop and Aurora Focus agents on devices. Update rules allow you to configure Aurora Endpoint Security to automatically push updates to a specific version or the latest available version, or you can turn off automatic updates so that you can manage the software distribution using your organization’s preferred method.

Manage updates for the Aurora Protect Desktop and Aurora Focus agents

Zones are associated with update rules, so that devices and users that are part of those zones receive updates accordingly (also known as zone-based updating). By default, the Test, Pilot, and Production update rules are available but you can also add additional update rules to manage agent updates based on your organization's needs.

The agent version on the device is updated to the version that is specified in the update rule only if it is compatible with the device and is part of the supported upgrade path. For devices running an agent version earlier than 3.4.1000, you can use update rules to install an earlier version of an agent, even if the device is already using a newer version. After a successful upgrade to version 3.4.1000 or later, you cannot use update rules to install an earlier version of the agent.

If the Linux driver on a device was previously updated manually on a device, the driver is not automatically updated as part of the agent update. This is to prevent the automated system from overwriting an action taken by an administrator.

Note: Automatic updates are not currently supported for the Aurora Focus agent for Linux.

Review the Upgrade paths for the Aurora Protect Desktop 3.x agent and the OS compatibility matrix for the Aurora Protect Desktop agent.
Create zones that you want to assign to an update rule. For example, you can create zones with devices reserved for testing agent updates. You should associate these zones with the Test and Pilot update rules to test them. You can also create your own update rules for testing or for production deployment. For more information about creating zones, see Add and configure a zone.

In the management console, on the menu bar, click Settings > Update.
If necessary, create an update rule. For example, you can create a rule for testing agent updates.
1. Click Add New Rule.
2. Type a name for the rule.
3. Click Submit.
Click an update rule. For example, click Test.
Expand Zones and select the zones that you want to assign to this update rule.
Expand Agent and select an update option for the Aurora Protect Desktop agent.

Note: If you are upgrading the agent, you must set the update option to follow the supported upgrade path until you reach the desired version. Reboot the device after each update. Verify which version of the agent is installed before setting the update rule to the next version in the upgrade path. After a successful upgrade to version 3.4.1000 or later, you cannot downgrade to an older version using the updater.
For supported upgrade paths, see Upgrade paths for the Aurora Protect Desktop 3.x agent. For OS compatibility information for each version of the agent, see Compatibility matrix: Aurora Protect Desktop agent.

Note: If you do not want to update the agent version on a device, use the Do not update setting. You must also make sure that the device is not in another zone with another update rule (including the Production rule) that specifies an update to the agent (auto-update or a specific version). If a device is in a zone with an update rule that specifies an update, it will be updated. If a device is associated with multiple update rules that specifies an update, the agent will be updated according to the rule with the highest rank.
Select the Auto-Update Linux Driver check box to allow the agent to automatically update to the latest driver to support the latest Linux kernel. The Auto-update Linux Driver feature requires Aurora Protect Desktop agent version 3.1.1000 or later and the agent driver version 3.1.1000 or later.
Expand Aurora Focus and select an update option.
- You can select Auto-Update only if you configured the Aurora Protect Desktop agent to use Auto-Update.
- Automatic updates are not currently supported for the Aurora Focus agent for Linux.
Note: After a successful upgrade to version 3.4 or later, you cannot downgrade to an older version using the updater.
Repeat the previous steps for:
- The Pilot update rule, or a rule that you created for pilot testing.
- The Production update rule, or a rule that you created for production. You don't assign zones to the default Production update rule because it applies to all devices that are not in a zone with an update rule.
  If the Aurora Protect Desktop agent is set to Auto-Update in the Production update rule, the Test and Pilot rules are not available. Update rules that you create are not affected by the configuration of the Production update rule.
Click Save.

If you added update rules, click the arrows next to the rules to set the ranking. Rules at the top of the list take priority over rules lower on the list. The Test, Pilot, and Production rules are always at the bottom of the list and you cannot change their ranking. The Production update rule is applied to devices that aren't in any zone with an update rule, and devices in zones where none of the rules have a specified an update to the agent.
To trigger an update of the Aurora Protect Desktop agent on a device before the hourly interval, on the device, right-click the Aurora Protect Desktop icon in the system tray and click Check for Updates, restart the Cylance service, or run this command from the Cylance directory:
CODE
CylanceUI.exe –update
```
CylanceUI.exe –update
```
If memory protection, script control, or device control are enabled in the device policy, a reboot of the device after the agent installation or upgrade is recommended, but not strictly required. A reboot makes sure that any new policy settings take full effect.
If the assigned version of the agent cannot be installed on the device because it does not meet the system requirements or if the update does not use the supported upgrade path, then an indicator () appears in the Target Protect Version field when you view device details. To display the field in the legacy device grid, click on the right side, and then select it. Verify the target agent version with the OS version and the upgrade path.

Considerations for testing agent updates

These are the considerations when you want to test agent updates.

Arctic Wolf recommends that you test agent update rules using update rules and zones that were created for testing purposes (for example, using the Test and Pilot update rules) before using other update rules that you added for production deployment. When testing updates, consider using devices that are reserved for testing and evaluation purposes.
Create zones for testing agent updates and add devices that are reserved for testing to them. Associate the zones that you created with the Test and Pilot update rules. For more information about creating zones, see Add and configure a zone.
Make sure that all test devices are in a zone that you are testing. #160;The Production update rule applies to all devices that are not in a zone with another update rule associated.
If memory protection, script control, and/or device control are enabled in the device policy, a reboot of the device following the agent installation or upgrade is recommended, but not strictly required. A reboot will ensure that any new policy settings have taken full effect.

Update rule behavior with zones

Learn how agent update rules behave with zones.

Devices are associated with zones either by zone rules or by manual assignment.
Devices can be associated with multiple zones.
Zones are assigned to update rules. Devices that are assigned to those zones will follow the update rules.
Update rules are not specific to an operating system (OS) platform, but you can create zones to manage the updates of devices with specific OS platforms. If the agent version that is specified in the update rule is not available for a platform, the device receives the update as soon as it becomes available for the platform.
Update rules are ranked. If a device is associated with multiple zones that are assigned different update rules, the highest-ranked update rule that specifies an update to the agent (auto-update or a specific version) takes effect. If a device is in at least one zone with an update rule that specifies an update, the agent on the device will be updated accordingly. The Production update rule has the lowest rank and applies to devices that aren't in any zone with an update rule, and devices in zones where none of the rules have specified an update to the agent.

Examples of update rules

These examples illustrate update rules that are assigned zones that were created specifically for zone-based updates.


Update rule example	Assigned zones
Windows Server - Test	Windows Server - US Test update zone Windows Server - Europe Test update zone
Windows Server - Pilot	Windows Server - US Pilot update zone Windows Server - Europe Pilot update zone
Windows Server - Production	Windows Server - US Production update zone Windows Server - Europe Production update zone