Testing Threats after Updates to Dell Endpoint Security Suite Enterprise Advanced Threat Protection detection method



Suggested methods for testing threats after updates to Dell Endpoint Security Suite Enterprise Advanced Threat Protection.


Affected Products:

Dell Endpoint Security Suite Enterprise
Dell Threat Defense

Affected Versions

1371; 1391; 1.0.1; 1.2; 1.2.1392; 2.0.1451; 2.0.1452




Dell recommends users set their Agent Update to Auto-Update to get the latest features, enhancements and bug fixes the product has to offer.

When an organization needs to test a new agent or new model update before it is deployed to all of its devices, the Agent Update setting can be changed. This enables the organization to manually deploy new agent updates to test devices and review the results before updating the rest of its devices.

When testing new agent or new model updates, use devices or virtual machines that represent systems in your organization and that run the software used in your environment, especially any custom-made software that is unique to your organization.

Note: Once the evaluation is complete, it is recommended to set the Agent Update to Auto-Update.

Deployment Procedures

File Size

Agent updates that do not include a new threat model only include the files needed by the Agent. On average, this is roughly 5MB per agent version. Agent updates that contain a new threat model are roughly 350MB. If you manually deploy Agents, a package is available from Dell Support.

Note: The offline installer from Dell Support contains both an installer and an update package for 32-bit and 64-bit devices.

Simultaneous Device Updates

The number of simultaneous device updates is limited to 1000 devices at a time by default. This limit can be raised or lowered based on the needs of the environment, but only through Dell Support. See the contact information at the bottom of this KB article.

Reviewing Results:

For New Agent Updates:

Check the Device Details page for each test system, looking for items that are marked as Abnormal or Unsafe.

  1. Log in to the Dell Data Protection Remote Management Console.
  2. Select Enterprise, click Advanced Threats, and then select Agents. The Agent Details page displays.
  3. Click on a device name from the Device List. The Device Details page displays.
  4. Look under Threats & Activities, review any items listed under Threats, Exploit Attempts, and Script Control (if enabled).
  5. For items that are considered Abnormal or Unsafe but should be allowed to run, you have a few options:
    • If the item should be allowed to run on all devices, then add it to the Global Safe List.
    • If the item should be allowed to run on a group of devices, but not all devices, then add it to a Policy Safe List.
    • If the item should be allowed to run on a single device, then Waive it for that device.

For New Model Updates:

Use the Production Status and New Status columns on the Protection page to review changes between the existing model and the new model. This will provide information about any Cylance Score changes to items in your organization.

  1. Log in to the Dell Data Protection Remote Management Console.
  2. Select Protection, then add the Classification, Production Status and New Status columns.
  3. Look for changes between the Production Status and New Status columns. If any changes would impact your organization, you can either Safelist or Quarantine the item at the level that makes sense (Global, Policy or Local).

Note: Leaving Auto-Update disabled means your Agents will not receive any new features, enhancements or bug fixes until you decide to update. With updates occurring frequently, Agents become outdated very quickly.

For support, US-based customers may contact Dell Data Security ProSupport at 877.459.7304, Option 1, Ext. 4310039, or via the Chat Portal. To contact support outside the US, reference ProSupport’s International Contact Numbers. For additional insights and resources, visit the Dell Security Community Forum.


Article ID: SLN303738

Last Modified: 06/27/2018 12:02 PM

