Feb
24

What is the difference between a Virus Signature Database update and a Program Component Update (PCU)?

Posted by eset Comments (1)

Virus Signature Database and module updates:

Your ESET security product downloads Virus Signature Database updates daily. These updates ensure that you are protected against the latest known threats that could potentially harm your machine. The updates consist of the latest released malware signatures which are added to your product’s database. The update is an incremental update, meaning it is only necessary to download the new virus signatures, as opposed to the entire database. Also released with virus signature database updates is an occasional module update. A module update is the latest version of a part of your ESET security product’s architecture.

Program Component Update (PCU):
Separate from a virus signature database update and module update is a Program Component Update (PCU). A PCU is the latest complete version of the ESET security product. These are rarely pushed to customers like a virus signature database update or module update but can be found at the ESET Download page. Refer to the following Knowledgebase article if you receive a notification informing you of an automatic PCU:

I receive a “Program component upgrade” message for version 3.0.695, what should I do? (3.0)
If you would like a more in-depth explanation of the above updates, please continue reading below.

Figure 1-1

Detailed Explanation:
Your ESET security product is designed to function as an extensible framework. There is a base product, the engine, which consists of the kernel service and some other components such as filter drivers. The user interface and the online help files are also components of the base product.

The engine, which is part of the base product, makes extensive use of modules. An ESET security product module is a kind of library which performs or provides various functions such as an antivirus/spyware, de-archiving (parsing of compression formats), advanced heuristics/emulation, self-defense, firewall and antispam.

The engine and modules make use of signature updates, which allow them to prevent, detect and remove malware. Although they are commonly referred to as “Virus Signature Database updates” the actual amount of “classic” parasitic file infecting viruses is small when compared to the agents, bots, password stealers, Trojans, worms and other forms of malware that appear on a daily basis. It is better to think of this as a malware signature database. Exploits and threats are detected as well by the program, which are used to introduce malicious code into a system but do not contain the malware themselves (i.e., web-based attacks, etc.).

When an ESET program downloads a Virus Signature Database update, it is typically downloading a new list of signatures for the aforementioned threats. However, since ESET uses a modular architecture, updates to the modules (libraries) can also be distributed at the same time. Either can be provided via conventional means, however, it would be unusual to perform a module update by itself as they are typically distributed in-line (“piggy-backed”) with signature database updates.

Virus signature update information is displayed in the primary window of the graphical user interface. It can also be viewed by mousing over the ESET icon in the Windows notification area by the system clock. In addition to those in-program mechanisms, virus signature updates are announced on an RSS feed. It can be viewed or subscribed to by visiting ESET’s ThreatSense┬« Updates page.

Signature and module updates, though, do not update the parts of the program which make up the framework, such as the engine, user interface and online help. In order to update those components, a PCU must occur. When a PCU occurs, the program downloads a complete copy of the latest version and runs it to perform an upgrade.

Categories: ESET Knowledge

One Response to “What is the difference between a Virus Signature Database update and a Program Component Update (PCU)?”

  1. I usually do not leave a response, but after reading through a bunch of comments here What is the difference between a Virus Signature Database update and a Program Component Update (PCU)? NNVV.org. I do have 2 questions for you if it’s allright. Could it be simply me or does it give the impression like a few of the comments look like they are written by brain dead people? :-P And, if you are writing on additional sites, I’d like to keep up with you. Could you list of the complete urls of all your shared pages like your twitter feed, Facebook page or linkedin profile?

Leave a Reply