Threat definition updates

GFI LanGuard definition updates are important to run at regular intervals to ensure that any updates, as released by vendors, are detected and reported back by GFI to your solution. The UpdateAgent Method exposes an out parameter in which the results XMLAn open text standard used to define data formats. GFI LanGuard uses this standard to import or export scanned saved results and configuration. are built. It is synchronous and the update process will not return a value, until it ends.

GFI recommends triggering a GFI LanGuard Agent update session, immediately after the installation. This ensures that agents:

  • Acquire the latest patch definition files from GFI. This ensures that scans always detect the latest missing patches
  • Acquire the latest vulnerability definitions as soon as they become available from GFI
  • Acquires product updates to fix bugs which surfaced after GFI LanGuard SDK was released.

With the increasing number of sophisticated cyber threats occurrences, GFI recommends you to check for updates once every 24 hours on every end-point or designated concentrator.

A lesson learned by GFI is to trigger agents to check for updates at random time intervals. Configuring agents to check for and download updates simultaneously, causes undesired network bandwidth problems if a significant number of downloads occur at the same time. Randomizing the update times is enough to smoothen out the update operation, effectively making the process unnoticeable.


  • GFI LanGuard Agents connect to * to retrieve threat definition updates. Ensure that this URLThe Uniform Resource Locator is the address of a web page on the world wide web. is not blocked by your firewall and/or web gateway.
  • GFI LanGuard definition updates do not include patches and service packs as release by Microsoft and other vendors over time. These patch updates are treated separately to all of the above.