Environment
- App Control Server: All Supported Versions
- App Control Rules Installer: All Supported Versions
Question
Does updating the Rules Installer on the App Control Server result in a Cache Consistency Check on the endpoints?
Answer
Yes, the Rules Installer typically contains Yara Rule updates that must be pushed to the Agents. These Yara Rule updates will require a Cache Consistency Check (CC3) in order for the new Yara Rules to be correctly applied to existing files on the endpoint.
Additional Notes
- The CC3 will scan all files on the endpoint and apply the new Yara Rules against all existing files. This is similar to the Initialization process on the endpoints.
- The CC3 should not be avoided entirely, and must be run in order for the new Rules to be applied on existing files.
- If necessary the CC3 could be delayed by temporarily using the agent_config value: cc3_on_yara_rule_change=0
