Endpoint Protection

  • 1.  How long do you wait before virus definitions on individual clients are considered "out of date" and become a concern?

    Posted Jan 23, 2015 11:24 AM

    We've recently had some internal discussions regarding what is considered "out of date" with regard to virus definitions. So for example, your SEPM is current with today's date for definitions, and the definitions propagate out to clients. After several hours, you as the administrator of the SEPM notice you have several clients that show as being online, but their defs don't match what the SEPM says is current. I'm curious what other companies think and how they respond when clients show up on the SEPM with definitions that are not current, and how long they wait to investigate. If possible, please state how large your environment is when responding. We're a fairly decent-sized enterprise with over 20,000 monitored devices, if that helps add some scope to what we have.



  • 2.  RE: How long do you wait before virus definitions on individual clients are considered "out of date" and become a concern?

    Posted Jan 23, 2015 11:30 AM

    7 days. That's roughly 17 missed revisions; that's a lot of malware!



  • 3.  RE: How long do you wait before virus definitions on individual clients are considered "out of date" and become a concern?

    Posted Jan 30, 2015 04:07 AM

    3-day-old definition. We have configured the notification according to that time period.
     



  • 4.  RE: How long do you wait before virus definitions on individual clients are considered "out of date" and become a concern?

    Posted Jan 30, 2015 06:45 AM

    5 Days... After which it is a RED alert!



  • 5.  RE: How long do you wait before virus definitions on individual clients are considered "out of date" and become a concern?

    Posted Jan 31, 2015 02:44 AM

    All sites have their own process and time period defined. You are required to discuss with your management and after that follow the time criteria accordingly.

    Symantec releases 3 definitions daily, in which some new patches are added that can save the network from newly arriving viruses. So you can define the time with that point in mind.



  • 6.  RE: How long do you wait before virus definitions on individual clients are considered "out of date" and become a concern?

    Posted Jan 31, 2015 03:51 AM

    Being out of date is a serious issue which has to be addressed at the same priority that one would show towards a virus infection; at least that's what we do. Having an outdated antivirus is dealt with as a gun without a bullet in our organization, because as an AV administrator that's our first job.

     

    AV defs distribution in your environment depends totally on how you propose the importance of AV defs to the management, what the management decides and, the main thing, your bandwidth. If you have low bandwidth and you're gonna push all three updates in the day for all your clients, man, the network team would be standing on your neck. I would say at the least make sure the definition of that particular day is updated on all your clients. The best practice would be to update all the defs released.

     

    In our environment, if a client is noticed to be outdated by more than five days, we treat it like a virus infection and remediate it immediately. When it comes to servers, they have to be updated with the latest definition, period.

     

    Client compliance is best if it's updated on the same day, or at the most two or three days behind; more than that would mean you're inviting trouble one day or the other in the future in a big way.

     

    Server compliance always has to be at 100% same-day update.

     

    Hope this helps.

     

    Cheers.