Just Published! Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

App Control: Does updating the Rules Installer on the console result in a Cache Consistency check on the endpoints?

App Control: Does updating the Rules Installer on the console result in a Cache Consistency check on the endpoints?

Environment

  • App Control Server: All Versions
  • App Control Rules Installer: All Versions

Question

Does updating the Rules Installer on the App Control console result in a Cache Consisntecy check on the endpoints?

Answer

Yes, the Rules Installer typically contains Yara rule updates that must be pushed to the endpoints. These rule updates will require a Cache Consistency Check (CC3) in order for the new rules to be correctly applied to existing files.

Additional Notes

  • The CC3 will scan all files on the endpoint and apply the new Yara rules against all existing files. This is similar to the initialization process on the endpoints.
  • The CC3 should not be avoided entirely, and must be run in order for the new rules to be applied on existing files. It could be delayed by temporarily using the agent_config value: cc3_on_yara_rule_change=0

Labels (1)
Tags (2)
Was this article helpful? Yes No
100% helpful (1/1)
Article Information
Author:
Creation Date:
‎11-16-2020
Views:
329
Contributors