Updates to Dell Endpoint Security Suite Enterprise or Dell Threat Defense may cause changes in how threats are evaluated
Dell Endpoint Security Suite Enterprise
Dell Threat Defense
1371; 1391; 1.0.1; 1.2; 1.2.1392; 2.0.1451; 2.0.1452
Dell Data Protection's Advanced Threat Protection products; Dell Threat Defense, and Dell Endpoint Security Suite Enterprise may have occasional updates that change how threats are evaluated. These updates are commonly referred to as "model" updates, as they are updates to the threat model.
This model receives periodic updates to improve detection rates. To help users know how a new model might affect their organization, there are two columns on the Protection page in the Console. You can use the "Production Status" and "New Status" comparison to see which files on your devices might be impacted by the model change.
Users should test the new models before a full production roll-out. This should minimize any unintended outages cause by model changes.
New Protection Columns
The two columns are: "Production Status" and "New Status":
Only files found on device in your organization and that have a change in its Threat Score are displayed. Some files might have a Score change but still remain within its current Status.
The Threat Score for a file goes from 10 to 20, the file status would remain Abnormal and the file will appear in the updated model list (if this file exists on devices in your organization).
To view the Current Model and New Model columns:
You can now review differences between the two Threat Models.
The two scenarios you should be aware of are:
In the above scenarios, the recommendation is to Safelist the files you want to allow in your organization.
To identify classifications that could impact your organization, we recommend the following approach:
Recommended Production Roll-out
This section outlines strategies to help users upgrade to a newer predictive model. It is highly recommended to assign Agents to a Policy with Auto-Quarantine enabled for Unsafe and Abnormal files.
Auto-Updates with Auto-Quarantine
If Agents are set to Auto-Update, you should disable auto-updates for agents when new predictive models are released. If it is not possible to disable Auto-Quarantine or test the new Agent, alert you're Dell Data Protection Administrators. They may Safelist items that are misclassified to unblock users.
Manual Updates with Auto-Quarantine
If you manually update Agents, then Auto-Update is not a concern. It is recommended that you use the following instructions before updating your Agents.
For additional support, US based customer can call Dell Data Security ProSupport at: 877.459.7304 Ext. 4310039 or you may also contact us via the Chat Portal. For support outside the US, reference ProSupport’s International Contact Numbers list. Visit the Dell Security Community Forum to get insights from other community members and additional resources to help you manage your environment.
Article ID: SLN303737
Last Date Modified: 10/20/2017 10:36 AM