Updating engines

Applies to: Microsoft Antigen

It is recommended that you use the UNC method of updating your engines. That is, have one server receive updates from the Microsoft® HTTP server, and then share those updates among the other servers in your environment. After one server receives an engine update, it can share that update with any other server whose network update path points to it. This can save significantly on Internet bandwidth and make your updates quicker and more efficient.

To use the UNC updating method, see the File scanner updating overview chapter in the Microsoft Antigen for Exchange User Guide at the Microsoft Antigen TechNet Library.

Updates should be staggered across an environment so that the Gateway layer updates its engines first, with the back end servers updating their engines later in the hour. Then, if an update causes unexpected behavior, you have whatever time interval that you have specified (for example, 30 minutes) to ensure that the problematic update does not get to the back-end servers. It is recommended that you stagger updates a minimum of 15 minutes apart.

Be aware of the specifics of the engines that you are using. Some virus labs routinely release signatures more frequently than others, although all labs respond to a major outbreak with more frequent updates. The update schedule for any engine that updates more frequently than others should be set accordingly.

Even if you are not using a particular engine, you should update the engine once a day, so that if you need to activate it, the signatures will be up-to-date.