Testing Threats after Updates to Dell Endpoint Security Suite Enterprise Advanced Threat Protection detection method

Suggested methods for testing threats after updates to Dell Endpoint Security Suite Enterprise Advanced Threat Protection.

Affected Products:

Dell Endpoint Security Suite Enterprise
Dell Threat Defense

Affected Versions

1371; 1391; 1.0.1; 1.2; 1.2.1392; 2.0.1451; 2.0.1452

Dell recommends users set their Agent Update to Auto-Update to get the latest features, enhancements and bug fixes the product has to offer.

When an organization needs to test a new agent or new model update before it is deployed to all of their devices, the Agent Update setting can be changed. This enables organizations to manually deploy new agent updates to test devices and review the results before updating the rest of their devices in their organization.

When testing new agent or new model updates, use devices or virtual machines that represent the systems in your organization and run the software used in your environment, especially any custom-made software that is unique to your organization.

Note: Once the evaluation is complete, it is recommended to set the Agent Update to Auto-Update.

Deployment Procedures

File Size

Agent updates that do not include a new threat model only include the files needed by the Agent. On average, this is roughly 5MB per agent version. Agent updates that contain a new threat model are roughly 350MB. If you manually deploy Agents, a package is available from Dell Support.

Note: The offline installer from Dell Support contains both an installer and an update package for 32- and 64-bit devices.

Simultaneous Device Updates

By default, at most 1000 devices update simultaneously. This limit can be raised or lowered to suit the needs of the environment, but only by Dell Support; see the contact information at the bottom of this KB article.

Reviewing Results:

For New Agent Updates:

Check the Device Details page for each test system, looking for items that are marked as Abnormal or Unsafe.

  1. Log in to the Dell Data Protection Remote Management Console.
  2. Select Enterprise, click Advanced Threats, and then select Agents. The Agent Details page displays.
  3. Click a device name in the Device List. The Device Details page displays.
  4. Under Threats & Activities, review any items listed under Threats, Exploit Attempts, and Script Control (if enabled).
  5. For items that are considered Abnormal or Unsafe but should be allowed to run, you have a few options:
    • If the item should be allowed to run on all devices, then add it to the Global Safe List.
    • If the item should be allowed to run on a group of devices, but not all devices, then add it to a Policy Safe List.
    • If the item should be allowed to run on a single device, then Waive it for that device.

For New Model Updates:

Use the Production Status and New Status columns on the Protection page to review changes between the existing model and the new model. This will provide information about any Cylance Score changes to items in your organization.

  1. Log in to the Dell Data Protection Remote Management Console.
  2. Select Protection, then add the Classification, Production Status and New Status columns.
  3. Look for changes between the Production Status and New Status columns. If any changes would impact your organization, you can either Safelist or Quarantine the item at the level that makes sense (Global, Policy or Local).

Note: Leaving Auto-Update disabled means your Agents will not receive any new features, enhancements or bug fixes until you decide to update. Because updates occur frequently, Agents become outdated very quickly.

For additional support, US-based customers can call Dell Data Security ProSupport at 877.459.7304 Ext. 4310039, or contact us via the Chat Portal. For support outside the US, reference ProSupport's International Contact Numbers list. Visit the Dell Security Community Forum to get insights from other community members and additional resources to help you manage your environment.

Article ID: SLN303738

Last modified date: 10/20/2017 10:38 AM
