What is the difference between a Virus Signature Database update and a Program Component Update (PCU)?

KB Solution ID: SOLN2256|Last Revised: September 30, 2014

Virus Signature Database and module updates:
Your ESET security product downloads Virus Signature Database updates daily. These updates ensure that you are protected against the latest known threats. The updates consist of the latest released malware signatures which are added to your product's database. Occasionally, product module updates are included with Virus Signature Database updates. Module updates contain the latest version of a part of your ESET security product's architecture.

Program Component Update (PCU):
Separate from virus signature database and module updates, a Program Component Update (PCU) is the latest complete version of an ESET security product. These are pushed to customers like a virus signature database update or module update, but are released much less often. PCU updates are available from the ESET Download page if you need to download them to distribute to clients. Refer to the following Knowledgebase article if you receive a notification informing you of an automatic PCU update:

For a more in-depth explanation of the above updates, please continue reading below.



Figure 1-1

Detailed Explanation:
Your ESET security product is designed to function as an extensible framework. There is a base product, the engine, which consists of the kernel service and some other components such as filter drivers. The user interface and the online help files are also components of the base product.

The engine, which is part of the base product, makes extensive use of modules. An ESET security product module is a kind of library which performs or provides various functions such as an antivirus/spyware, de-archiving (parsing of compression formats), advanced heuristics/emulation, self-defense, firewall and antispam.

The engine and modules make use of signature updates, which allow them to prevent, detect and remove malware. Although they are commonly referred to as "Virus Signature Database updates" the actual amount of "classic" parasitic file infecting viruses is small when compared to the agents, bots, password stealers, Trojans, worms and other forms of malware that appear on a daily basis. It is better to think of this as a malware signature database. Exploits and threats are detected as well by the program, which are used to introduce malicious code into a system but do not contain the malware themselves (i.e., web-based attacks, etc.).

When an ESET program downloads a Virus Signature Database update, it is typically downloading a new list of signatures for the aforementioned threats. However, since ESET uses a modular architecture, updates to the modules (libraries) can also be distributed at the same time. Either can be provided via conventional means, however, it would be unusual to perform a module update by itself as they are typically distributed in-line ("piggy-backed") with signature database updates.

Virus signature update information is displayed in the primary window of the graphical user interface. It can also be viewed by mousing over the ESET icon in the Windows notification area by the system clock. In addition to those in-program mechanisms, virus signature updates are announced on an RSS feed. It can be viewed or subscribed to by visiting ESET's ThreatSense® Updates page.

Signature and module updates, though, do not update the parts of the program which make up the framework, such as the engine, user interface and online help. In order to update those components, a PCU must occur. When a PCU occurs, the program downloads a complete copy of the latest version and runs it to perform an upgrade.

Rate this article:
1 2 3 4 5
Please comment on your rating...
We cannot respond to feedback from this form. Requests for assistance should be submitted through your normal support channel.
5 - Definitely
4 - Mostly
3 - Somewhat
2 - Not Really
1 - Not At All