System Requirements:
EDR Client 3.4 or later.
EDR Client Content Package 3.4.0.461 contains content for detection of PrintNightmare exploits.
We've made updates available to detect exploitation of the PrintNightmare vulnerability in the Windows Print Spooler.
To ensure that these detections are in place, customers must update all EDR endpoints as follows:
| EDR Client Version | Comments |
|---|---|
| 3.3 or earlier | Upgrade all EDR endpoints to EDR 3.4 client with content version 3.4.0.461 |
| 3.4 | Update content on all EDR endpoints to content version 3.4.0.461 |
| 3.5 or later | No action needed |
Updating content for EDR 3.4 Clients:
The new PrintNightmare detection content is applied automatically on each endpoint after the next reboot of that endpoint.
In cases where a reboot isn't practical, the following workaround makes sure that the new content is fully applied:
1. Make sure that EDR content version 3.4.0.461 or later is deployed to the endpoints.
2. In ePO, navigate to Policy Catalog, MVISION EDR.
3. Edit the appropriate EDR Policy:
   - In the Trace tab, clear the Enable Plug-in checkbox.
   - Save the Policy.
4. Enforce the Policy:
   - Select Menu, Systems, System Tree.
   - Select the target group from the System Tree and click the Group Details tab.
   - Click Actions, Wake Up Agents.
   - Make sure that the selected group appears next to the Target group.
   - Select whether to send the wake-up call to All systems in this group or to All systems in this group and subgroups.
   - To update all policies and tasks during this wake-up call, select Force complete Policy, Task update.
   - To send a wake-up call, click OK.
5. Edit the same EDR Policy again:
   - In the Trace tab, select the Enable Plug-in option.
   - Save the Policy.
6. Enforce the Policy by repeating step 4.