Endpoint Protection

  • 1.  IPS definitions are updating on machines where IPS is disabled by policy

    Posted Jul 14, 2016 11:21 AM

    Hello,

    I'd like to ask you if this is expected behaviour, that IPS definitions are updating even on machines where IPS has been disabled by policy?

    In my company we deploy the SEP agent to workstations with the full feature set. After deployment we decided to disable IPS on a small group of machines. Since then IPS definitions are still downloading (SEP Manager says so). On some of the machines from this group the definitions are not up to date - but as far as I understand, when IPS is disabled by policy it is not used on the affected machine, right?!

    Please take a look at the screen below:

    IPS.png

     

    best regards



  • 2.  RE: IPS definitions are updating on machines where IPS is disabled by policy

    Posted Jul 14, 2016 11:23 AM

    Unless the component is removed they will still download and install. They would be available should you apply an IPS policy. With the policy withdrawn, IPS is not in use.



  • 3.  RE: IPS definitions are updating on machines where IPS is disabled by policy

    Posted Jul 18, 2016 05:18 AM

    Hi SecurityGIV,

    Thanks for the post. This sounds like it is by design to me. SEP should be able to provide effective protection whenever enabled - if the policy is toggled to put IPS into use, SEP should not initially be trying to battle today's threats with outdated definitions.

    Hope this helps!

    Mick



  • 4.  RE: IPS definitions are updating on machines where IPS is disabled by policy

    Posted Jul 18, 2016 09:07 AM

    Thanks for your answers. Summarizing, this is expected behaviour - IPS definitions will be downloading even on clients where IPS protection is disabled by policy. 

    What if on some clients these IPS definitions are out of date (IPS protection is also disabled)? Should I intervene on affected machines or keep it as it is? Manually update the definitions, or doesn't it matter?



  • 5.  RE: IPS definitions are updating on machines where IPS is disabled by policy
    Best Answer

    Posted Jul 18, 2016 09:14 AM

    Thanks for your answers. Summarizing, this is expected behaviour - IPS definitions will be downloading even on clients where IPS protection is disabled by policy. 

    Yes, this is normal.

    What if on some clients these IPS definitions are out of date (IPS protection is also disabled)? Should I intervene on affected machines or keep it as it is? Manually update the definitions, or doesn't it matter?

    You can leave it alone until if/when you decide to use it.



  • 6.  RE: IPS definitions are updating on machines where IPS is disabled by policy

    Posted Jul 18, 2016 09:19 AM

    Thanks!



  • 7.  RE: IPS definitions are updating on machines where IPS is disabled by policy

    Posted Jul 18, 2016 09:19 AM

    You're welcome.