As Dameon said there normally isn't a big patterns/signature database downloaded and used by AV/ABOT, unlike APCL and IPS. Constant interaction with the ThreatCloud keeps a memory cache up to date with all the latest AV/ABOT updates automatically, so there is no real need to "force" an update most of the time.
However a situation can arise where a value held in the AV/ABOT cache is improperly blocking something causing a false positive. In that case you can create an exception, or a Custom Threat Indicator matching the traffic set to "Inactive" to work around the issue. If you suspect this is a "bad" or malfunctioning entry you can force an immediate refresh of all items in the cache, hoping that Check Point has cleared the problem:
Anti-Virus: sed -i "1s/.*/100/" $FWDIR/amw_kss/update/next_update
Anti-Bot: sed -i "1s/.*/100/" $FWDIR/amw/update/next_update
Note that the "1s" in the sed commands above is a number 1 followed by the letter "s". See here for more detail: sk143972: How to trigger an update for Application Control / Anti-Virus /Anti-Bot / IPS
In the extreme case you can also completely flush the AV/ABOT cache; note that doing this will cause a huge flurry of requests to the ThreatCloud sent by the RAD daemon, and could cause a brief but noticeable performance impact as the cache repopulates if Hold mode is set:
sk105179: How to clear Anti-Virus and Anti-Bot kernel cache
Gateway Performance Optimization R81.20 Course
now available at maxpowerfirewalls.com