Updating agents

There are two types of agent updates:

  • Upgrade to a standard version of SES Evolution which distributes the new SES Evolution version to the agents.

  • Upgrade to an LTSB version of SES Evolution which enables a patch version to be distributed to agents on workstations with operating systems not supported as standard. For further information, see the SES Evolution product life cycle document.

Once you have updated SES Evolution with the Installation Center or imported an LTSB patch version, you can then apply this version to one or more agent groups via the administration console. If some agents are not connected to the agent handler or if you do not require an automatic update, apply the new version to them manually.

An update should be applied to a group of test agents first, in order to test it. You can then apply it to your production groups.

To downgrade agents to an earlier software version of SES Evolution, ensure that the option Allow downgrading to older version is enabled in Choosing agent update settings.

The Agent groups - Modify privilege is required to update agents.

This procedure only applies if you want to update an agent group with the LTSB version of SES Evolution.

  1. In your MyStormshield client area, Downloads section, download the LTSB agent patch.

  2. Select the Environment > Agents menu, then select the agent group to be updated to LTSB version.

  3. On the Agents tab, click on Patch versions > Import an agent patch.

  4. Select the .zip.p7 file, then click on Open.

  5. Depending on your situation, follow either of the procedures below.

This procedure applies if you want agent handlers to automatically update agents during a new deployment. Otherwise, disable the Automatically apply software updates option in the menu shown below. See the two sections below for manual updates.

  1. Select the Environment > Agents menu, then select the agent group to be updated.
  2. In the Version section of the Settings tab, a message will inform you that a new version is available. Choose the new version to apply to agents in this group.
  3. Click on Save at the top right of the window to save changes.
  4. In Security > Deployment, click on Deploy.
    The new configuration will be applied to agents in the group the next time they connect to the agent handler.
    You can apply the update to the agent more quickly by clicking on Check for updates in the agent interface. For further information, refer to Understanding the agent interface on workstations.

If your agent is not connected to the agent handler or if you wish to control your agent updates, you must generate an installer and run it manually on the agents, as you would do during initial deployment. For more information, see Installing agents on workstations.

When updating, not only is the new software version applied to an agent, but also the new configuration version, including security policies and agent group configuration.

To ensure a successful update:

  • The updated agent must belong to the agent group for which the installer was generated,
  • The version of the configuration (e.g., policies and agent group configuration) included in the update must be more recent than the version of the agent’s configuration.

If you do not meet these conditions, force an update on the agent.

With a standard installer, the configuration of an agent group cannot be applied to agents that do not belong to this group. The installer also does not allow downgrades to an earlier configuration version. For this, you must perform a forced agent update. It is better for the agent to be disconnected from the agent handler when you force an update, because the next time the agent connects to the agent handler, the agent will go back to the group that was initially assigned to it.

  1. Select the Environment > Agents menu, then select the agent group that you want to apply to the agent.
  2. In the Agents tab, click Installer > Forced update > Generate 64-bit installer.
  3. Save the AgentSetup_x64.exe installation file to the location of your choice and run it on the agent as in an initial deployment. For further information, refer to Installing agents on workstations.
  4. If you want to prevent the agent from returning to its original agent group the next time it connects to the agent handler, move the agent to the desired group before it reconnects. For further information, refer to the section Moving agents from one group to another.

Force an update if agents in Maintenance mode need to be updated. For further information on Maintenance mode, refer to the section Understanding self-protection on agents and performing maintenance operations.