Exploit Prevention signature content updates and remediation rollback version for troubleshooting
Last Modified: 2022-08-05 05:45:15 Etc/GMT
Technical Articles ID:
KB92136
Environment
Endpoint Security (ENS) Threat Prevention
Endpoint Security for Linux Threat Prevention (ENSLTP) 10.x
ePolicy Orchestrator (ePO) 5.x
Summary
Content update frequency for ENS Windows: ENS Exploit Prevention content for Windows agents is updated on the second Tuesday of every month, usually by 8 p.m. PST. This schedule corresponds to the monthly Microsoft Windows Security Updates (Microsoft Patch Tuesday).
Content update frequency for ENSLTP: ENSLTP Exploit Prevention content for Linux agents is updated once a quarter. This schedule is aligned with either of the following:
Release Notes: Exploit Prevention content release notes are viewable on the Security Updates page.
Rollback version: If there's an identified issue related to a new content update, a remediation (or rollback) signature set will be available. The remediation version restores the previous signature content version while incrementing the signature version number within the ePO repository. The increment of the signature version number is needed because there's no rollback option for Exploit Prevention agent signature updates. If you require the current content remediation version, contact Technical Support. To contact Technical Support, go to the Create a Service Request page and log on to the ServicePortal.
Related Information
ENS Exploit Prevention content updates:
Exploit Prevention supports multiple versions of client content and code. The latest available content displays in the ePO console. New content is always supported in subsequent versions, so content updates contain mostly new information or minor changes to existing information.
A content update package handles updates. This package contains content version information and updating scripts. Upon check-in, the package version is compared to the version of the most recent content information in the database. If the package is newer, the scripts from this package are extracted and executed. This new content information is then passed to clients at the next agent-server communication.
Updates include data associated with the following for the IPS Rules policy:
The basic process includes checking in the update package to the ePO Master Repository, and then sending the updated information to the clients. Clients obtain updates only through communication with the ePO server and not directly through the HTTP protocol.
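The following is an added illustration, not Trellix or ePO code: a simplified model of the "accept only if newer" check-in comparison and of why a remediation package must carry the previous signature content under a higher version number. The version strings, signature-set labels and host names are constructed, and the `stale_endpoints` helper is a hypothetical check for endpoints that have not yet picked up the current content.

```python
# Added illustration: a simplified model, not Trellix/ePO code.
from dataclasses import dataclass

def parse_version(v: str) -> tuple:
    """Compare versions numerically, so 10.0.0.9 sorts before 10.0.0.10."""
    return tuple(int(p) for p in v.split("."))

@dataclass
class Package:
    version: str        # version number stamped on the package (constructed)
    signature_set: str  # label for the signature content it carries (constructed)

class Repository:
    """Models the check-in rule: a package is applied only if it is newer."""
    def __init__(self, current: Package):
        self.current = current

    def check_in(self, pkg: Package) -> bool:
        if parse_version(pkg.version) > parse_version(self.current.version):
            self.current = pkg  # passed to clients at the next agent-server communication
            return True
        return False            # same or older version: nothing is applied

def stale_endpoints(reported: dict, repo: Repository) -> list:
    """Hypothetical check: hosts whose reported content version is behind the repository."""
    want = parse_version(repo.current.version)
    return sorted(h for h, v in reported.items() if parse_version(v) < want)

def demo() -> dict:
    good = Package("10.0.0.9", "sigs-A")
    faulty = Package("10.0.0.10", "sigs-B")   # update later found to have an issue
    repo = Repository(good)
    results = {"faulty_accepted": repo.check_in(faulty)}
    # Checking the earlier package back in is refused: it is not newer.
    results["old_accepted"] = repo.check_in(good)
    # The remediation package restores sigs-A under an incremented version.
    results["remediation_accepted"] = repo.check_in(Package("10.0.0.11", "sigs-A"))
    results["active_signatures"] = repo.current.signature_set
    reported = {"host-a": "10.0.0.11", "host-b": "10.0.0.10", "host-c": "10.0.0.9"}
    results["stale"] = stale_endpoints(reported, repo)
    return results

if __name__ == "__main__":
    print(demo())
```

Comparing the dotted versions as plain strings would rank 10.0.0.9 above 10.0.0.10, which is why the model parses them into integer tuples first.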
Checking in update packages for Windows and Linux:
You can create an ePO pull task that automatically checks in content update packages to the Master Repository. This task downloads the content update package directly from us at the indicated frequency and adds it to the Master Repository. This process updates the database with new ENS Exploit Prevention content.