Exploit Prevention signature content updates and remediation rollback version for troubleshooting
Last Modified: 2022-08-05 05:45:15 Etc/GMT
Affected Products
Languages:
This article is available in the following languages:
常に適応し続ける XDR エコシステムが企業を活性化するしくみをお伝えします。
Trellix の CEO を務める Bryan Palma が、常に学習するセキュリティが決定的に必要であることを力説します。
Magic Quadrant で、19 のベンダーについてビジョンの完全性と実行能力が評価されました。レポートをダウンロードして詳細をご覧ください。
Gartner によると、XDR は脅威の防止、検出、応答を改善する可能性を秘めた新しい技術です。
2022 年に注意が必要なサイバー セキュリティ脅威は?
サイバー セキュリティ業界に安穏の時はありません。今こそ、この考え方を、ビジネスの活性化につながる利点として、また推進剤として念頭に置くべきです。
サイバー セキュリティの世界で信頼される二大リーダーが 1 つになって、耐久性の高いデジタル ワールドを実現します。
Trellix の CEO を務める Bryan Palma が、常に学習するセキュリティが決定的に必要であることを力説します。
As of May 14, 2024, Knowledge Base (KB) articles will only be published and updated in our new Trellix Thrive Knowledge space.
Log in to the Thrive Portal using your OKTA credentials and start searching the new space. Legacy KB IDs are indexed and you will be able to find them easily just by typing the legacy KB ID.
Exploit Prevention signature content updates and remediation rollback version for troubleshooting
Technical Articles ID:
KB92136
Last Modified: 2022-08-05 05:45:15 Etc/GMT Environment
Endpoint Security (ENS) Threat Prevention Endpoint Security for Linux Threat Prevention (ENSLTP) 10.x ePolicy Orchestrator (ePO) 5.x Summary
Content update frequency for ENS Windows: ENS Exploit Prevention content updates for Windows agents are updated on the second Tuesday of every month, usually by 8 p.m. PST. This schedule is in correspondence with monthly Microsoft Windows Security Updates (Microsoft Patch Tuesday). Content update frequency for ENSLTP: ENSLTP Exploit Prevention content updates for Linux agents are updated once a quarter. This schedule is aligned with either of the following:
Release Notes: Exploit Prevention content release notes are viewable on the Security Updates page.
Rollback version: If there's an identified issue related to a new content update, a remediation (or rollback) signature set will be available. The remediation version restores the previous signature content version while incrementing the signature version number within the ePO repository. The increment of the signature version number is needed because there's no rollback option for Exploit Prevention agent signature updates. If you require the current content remediation version, contact Technical Support. To contact Technical Support, go to the Create a Service Request page and log on to the ServicePortal.
Related Information
ENS Exploit Prevention content updates:
Exploit Prevention supports multiple versions of client content and code. The latest available content displays in the ePO console. New content is always supported in subsequent versions, so content updates contain mostly new information or minor changes to existing information.
A content update package handles updates. This package contains content version information and updating scripts. Upon check-in, the package version is compared to the version of the most recent content information in the database. If the package is newer, the scripts from this package are extracted and executed. This new content information is then passed to clients at the next agent-server communication.
Updates include data associated with the following for the IPS Rules policy:
The basic process includes checking in the update package to the ePO Master Repository, and then sending the updated information to the clients. Clients obtain updates only through communication with the ePO server and not directly through the HTTP protocol.
Checking in update packages for Windows and Linux:
You can create an ePO pull task that automatically checks in content update packages to the Master Repository. This task downloads the content update package directly from us at the indicated frequency and adds it to the Master Repository. This process updates the database with new ENS Exploit Prevention content.
Affected ProductsLanguages:This article is available in the following languages: |
|