
Testing Threats after Updates to Dell Endpoint Security Suite Enterprise Advanced Threat Protection detection method

Suggested methods for testing threats after updates to Dell Endpoint Security Suite Enterprise Advanced Threat Protection.

Affected Products:

Dell Endpoint Security Suite Enterprise
Dell Threat Defense

Affected Versions

1371; 1391; 1.0.1; 1.2; 1.2.1392; 2.0.1451; 2.0.1452

Dell recommends users set their Agent Update to Auto-Update to get the latest features, enhancements and bug fixes the product has to offer.

When an organization needs to test a new agent or new model update before it is deployed to all of their devices, the Agent Update setting can be changed. This enables organizations to manually deploy new agent updates to test devices and review the results before updating the rest of their devices in their organization.

When testing new agent or new model updates, use devices or virtual machines that represent systems in your organization and run the software used in your environment, especially any custom-made software that is unique to your organization.

Note: Once the evaluation is complete, it is recommended to set the Agent Update to Auto-Update.

Deployment Procedures

File Size

Agent updates that do not include a new threat model only include the files needed by the Agent. On average, this is roughly 5MB per agent version. Agent updates that contain a new threat model are roughly 350MB. If you manually deploy Agents, a package is available from Dell Support.

Note: The Offline installer by Dell Support contains both an installer and an update package for 32-bit and 64-bit devices.

Simultaneous Device Updates

The number of simultaneous device updates is limited to 1000 devices at a time by default. This limit can be raised or lowered based on the needs of the environment, but only through Dell support. See the contact information at the bottom of this KB article.

Reviewing Results:

For New Agent Updates:

Check the Device Details page for each test system, looking for items that are marked as Abnormal or Unsafe.

  1. Log in to the Dell Data Protection Remote Management Console.
  2. Select Enterprise, then click on Advanced Threats, subsequently select Agents. The Agent Details page displays.
  3. Click on a device name from the Device List. The Device Details page displays.
  4. Look under Threats & Activities, review any items listed under Threats, Exploit Attempts, and Script Control (if enabled).
  5. For items that are considered Abnormal or Unsafe but should be allowed to run, you have a few options:
    • If the item should be allowed to run on all devices, then add it to the Global Safe List.
    • If the item should be allowed to run on a group of devices, but not all devices, then add it to a Policy Safe List.
    • If the item should be allowed to run on a single device, then Waive it for that device.

For New Model Updates:

Use the Production Status and New Status columns on the Protection page to review changes between the existing model and the new model. This will provide information about any Cylance Score changes to items in your organization.

  1. Log in to the Dell Data Protection Remote Management Console.
  2. Select Protection, then add the Classification, Production Status and New Status columns.
  3. Look for changes between the Production Status and New Status columns. If any changes would impact your organization, you can either Safelist or Quarantine the item at the level that makes sense (Global, Policy or Local).

Note: Leaving Auto-Update disabled means your Agents will not be receiving any new features, enhancements or bug fixes until you decide to update. With updates occurring frequently, Agents become outdated very quickly.
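
The Production Status and New Status comparison described above can be triaged in bulk when many items are listed. The following is an added example, not Dell's code: it assumes the Protection page rows have been saved as CSV with the column names from the article plus a hypothetical "File Name" column, and that the status values are Safe, Abnormal and Unsafe. The sample rows are constructed.

```python
import csv
import io

# Severity order assumed from the statuses named in the article.
RANK = {"Safe": 0, "Abnormal": 1, "Unsafe": 2}

# Constructed sample rows; the layout of a real export is an assumption.
SAMPLE_CSV = """File Name,Classification,Production Status,New Status
inhouse_billing.exe,,Safe,Unsafe
build_agent.exe,,Safe,Abnormal
legacy_toolbar.dll,PUP,Unsafe,Safe
notepad_clone.exe,,Safe,Safe
old_dropper.exe,Malware,Abnormal,Unsafe
"""


def review_model_changes(csv_text):
    """Group items whose status differs between the current and new model."""
    report = {"newly_restricted": [], "newly_allowed": [], "unknown": []}
    for row in csv.DictReader(io.StringIO(csv_text)):
        prod = row["Production Status"].strip()
        new = row["New Status"].strip()
        if prod == new:
            continue  # no change under the new model
        entry = (row["File Name"], prod, new)
        if prod not in RANK or new not in RANK:
            report["unknown"].append(entry)  # unexpected value: review by hand
        elif RANK[new] > RANK[prod]:
            # Would be treated more strictly: Safelist candidate if legitimate.
            report["newly_restricted"].append(entry)
        else:
            # Would be treated more leniently: Quarantine candidate if unwanted.
            report["newly_allowed"].append(entry)
    # Show the largest status jumps first within each group.
    for key in ("newly_restricted", "newly_allowed"):
        report[key].sort(key=lambda e: abs(RANK[e[2]] - RANK[e[1]]), reverse=True)
    return report


if __name__ == "__main__":
    for group, items in review_model_changes(SAMPLE_CSV).items():
        print(group)
        for name, prod, new in items:
            print(f"  {name}: {prod} -> {new}")
```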

For support, US-based customers may contact Dell Data Security ProSupport at 877.459.7304, Option 1, Ext. 4310039, or via the Chat Portal. To contact support outside the US, reference ProSupport’s International Contact Numbers. For additional insights and resources, visit the Dell Security Community Forum.

Article ID: SLN303738

Last modified date: 06/27/2018 12:02 PM
