The ePO database contains Host Intrusion Prevention security content data, such as signatures, which is displayed in Host intrusion Prevention policies. Host Intrusion Prevention supports multiple versions of agent content and code, with the latest available content appearing in the ePO console. New content is always supported in subsequent versions, so content updates contain mostly new information or minor modifications to existing information.
Updates are handled by a content update package. This package contains content version information and updating scripts. Upon check-in, the package version is compared to the version of the most recent content information in the database. If the package is newer, the scripts from this package are extracted and executed. This new content information is then passed to agents at the next agent-server communication.
The basic process includes checking in the update package to the ePO Repository, and then sending the updated information to the agents.