A managed Anti-Exploit client can be updated multiple ways while still maintaining communication with the Management Console.
The first way is to enable automatic updates in your policies in the Management Console. This will allow Anti-Exploit clients to update themselves if a newer version is available.
The second is when a new Management Console version is released, it may contain an updated Anti-Exploit client. You must perform a client push install over the top of the existing clients. (Instructions here.)
Alternatively, you can export an updated client package from an updated console, then use that for a manual upgrade on the client. (Instructions for exporting a client package here.)
Finally, you can also grab the latest Anti-Exploit version and manually upgrade on the client itself. You can find the download for this here.