Views:

View, manage, and rollback rule updates.

The Rule Updates screen provides a list of the most recent Intrusion Prevention, Integrity Monitoring, and Log Inspection Rules downloaded to the Server & Workload Protection database. You can view details for updates or delete, rollback, and export rule updates. To access the list, go to Administration Updates Component Rules.
Tip
Tip
To check which rule update version a relay is distributing, go to Computers, double-click the relay, and go to Updates. If Anti-Malware is enabled, the pattern version for that computer is also displayed.
If your Server & Workload Protection Manager is enrolled in version control policies, the relay displays the currently assigned update policy.
The follow table details the actions you can take:

Action
Description
Delete a rule update
Select a rule update and click Delete...
Deleting a rule update removes the package from the database.
View rule update details
Select a rule update and click View
Clicking View opens a new window with details about the update version and update contents.
Rollback rule updates
Select a rule update and click Rollback...
If a recent update is causing issues, you can rollback rule updates to the previous version.
Export a rule update
Select a rule update and click Export
Trend Micro recommends only using this action when asked by your support provider.
Import a rule update
Click Import to import a rule update
This action is not available to all consoles and is only used for importing updates in air-gapped environments or when asked by your support provider.
Reapply a rule update
Right click the rule update with the check icon (
check=cc625691-c961-4102-a09e-6f7d842323d9.png
) in the Applied column and select Reapply
Use this action to reapply the current rule update to your protected computers.
Important
Important
You can only rollback applied updates.
Policies affected by the rollback automatically revert on all computers using the policies.
Component update packages must have a valid digital signature. If you try to view or use an invalid package (including old component updates that don't have a signature), then Server & Workload Protection displays an error message. See How Server & Workload Protection validates update integrity.