Exploit Prevention signature content updates and remediation rollback version for troubleshooting

Technical Articles ID: KB92136
Last Modified: 2022-08-05 05:45:15 Etc/GMT

Environment

Endpoint Security (ENS) Threat Prevention 10.x
Endpoint Security for Linux Threat Prevention (ENSLTP) 10.x
ePolicy Orchestrator (ePO) 5.x

Summary

Content update frequency for ENS Windows:
ENS Exploit Prevention content updates for Windows agents are updated on the second Tuesday of every month, usually by 8 p.m. PST. This schedule is in correspondence with monthly Microsoft Windows Security Updates (Microsoft Patch Tuesday).

Content update frequency for ENSLTP:
ENSLTP Exploit Prevention content updates for Linux agents are updated once a quarter. This schedule is aligned with either of the following:

Updates for ENSLTP
Based on critical security updates for Linux distributions that the ENSLTP Exploit Prevention module supports

Release Notes:

Exploit Prevention content release notes are viewable on the Security Updates page.

Rollback version:
If there's an identified issue related to a new content update, a remediation (or rollback) signature set will be available.

The remediation version restores the previous signature content version while incrementing the signature version number within the ePO repository. The increment of the signature version number is needed because there's no rollback option for Exploit Prevention agent signature updates.

If you require the current content remediation version, contact Technical Support.

To contact Technical Support, go to the Create a Service Request page and log on to the ServicePortal.

If you are a registered user, type your User ID and Password, and then click Log In.
If you are not a registered user, click Register and complete the fields to have your password and instructions emailed to you.

Related Information

ENS Exploit Prevention content updates:

Exploit Prevention supports multiple versions of client content and code. The latest available content displays in the ePO console. New content is always supported in subsequent versions, so content updates contain mostly new information or minor changes to existing information.

A content update package handles updates. This package contains content version information and updating scripts. Upon check-in, the package version is compared to the version of the most recent content information in the database. If the package is newer, the scripts from this package are extracted and executed. This new content information is then passed to clients at the next agent-server communication.

Updates include data associated with the following for the IPS Rules policy:

IPS signatures (both Windows and Linux)
Trusted Applications policy (Windows only)

The basic process includes checking in the update package to the ePO Master Repository, and then sending the updated information to the clients. Clients obtain updates only through communication with the ePO server and not directly through the HTTP protocol.

Checking in update packages for Windows and Linux:

You can create an ePO pull task that automatically checks in content update packages to the Master Repository. This task downloads the content update package directly from us at the indicated frequency and adds it to the Master Repository. This process updates the database with new ENS Exploit Prevention content.

Log on to the ePO console.
Click Menu, Software, Master Repository.
Click Actions, Schedule Pull.
Name the task (for example, EP Content Updates), and then click Next.
Select each of the following, and then click Next:
- Repository Pull as the Task type
- The source of the package
- The branch to receive the package (Current, Previous, or Evaluation)
- One or more packages selected:
  - For Windows: Endpoint Security Exploit Prevention Content
  - For Linux: Endpoint Security Exploit Prevention Linux Content
Schedule the task as needed, and then click Next.
Verify the information, and then click Save.

Affected Products

Languages:

This article is available in the following languages:

Knowledge Center

Exploit Prevention signature content updates and remediation rollback version for troubleshooting

Environment

Summary

Related Information

Affected Products

Languages:

Title

Title

Knowledge Center

Exploit Prevention signature content updates and remediation rollback version for troubleshooting

Environment

Summary

Related Information

Affected Products

Languages:

Choose your region

Title

Title