Endpoint Protection

Hello All, I  Need your kind help in creating Host integrity policy for “ AV definition checking and windows patches” . while creating a policy I want that all clients which don’t have security patches can download patches from windows update server. Can you guide me in this regard. Thanks

HI will only check the condition, you and put as many KBs as possible in the checklist. coz its not windowsupate agent which would list all the applicable patches. 

Hello,

to set up HI Policy to check for a specific MS patch:

1. Add a new HI policy and name it
2. Select  Requirement and click on “Add” button
3. Select “Patch requirement” and name it
4. Type the “Patch name” for example: KB971468
5. Select the Operating System. For example: Windows 7 Professional /Ultimate/ Enterprise
6. Review the other settings according to your needs
7. Save and close the policy
 

Thanks Rafeeq for your reply. How can we do the same for AV Defs ?

See below Vikram articles SNAC Self Enforcement for Virus Definition Compliance https://www-secure.symantec.com/connect/articles/SNAC-Self-Enforcement-Virus-Definition-Compliance Hope this articles help you. How to install a *.msu file using a Host Integrity (HI) policy. Article:TECH167875|Created: 2011-08-23|Updated: 2011-09-14|Article URL http://www.symantec.com/docs/TECH167875

With HI policy you can set this up

Antispyware Signature File Checking
 To check if a signature file is up to date, you can choose one or both options. If you select both, both conditions must be satisfied to meet the requirement.

Specify the oldest age of the signature file:

This option lets you select a relative time value of days or weeks.

Check the signature file date

This option lets you select a specific date and apply Boolean logic to the date.

If not, update the signature file

This option lets you update the signature file if it is out of date based on your settings for date. You can specify the download URL. In the execute command field, enter the following: %F%