Skip to main content
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Create and access a list of your products

Testing Threats after Updates to Dell Endpoint Security Suite Enterprise Advanced Threat Protection detection method

Summary: Suggested methods for testing threats after updates to Dell Endpoint Security Suite Enterprise Advanced Threat Protection.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.

Symptoms

Note:

Affected Products:

  • Dell Endpoint Security Suite Enterprise
  • Dell Threat Defense

Affected Versions

  • 1371
  • 1391
  • 1.0.1
  • 1.2
  • 1.2.1392
  • 2.0.1451
  • 2.0.1452

Cause

Not Applicable

Resolution

Dell Technologies recommends users set their Agent Update to Auto-Update to get the latest features, enhancements, and bug fixes the product has to offer.

When an organization wants to test a new agent or new model update before it is deployed to all their devices, the Agent Update setting can be changed. This enables organizations to manually deploy new agent updates to test devices and review the results before updating the rest of their devices in their organization.

When testing new agent or new model updates, use devices or virtual machines that represent computers in your organization, using software that runs in your environment. Especially any custom-made software that is unique to your organization.

Note:  Once the evaluation is complete, it is recommended to set the Agent Update to Auto-Update.

Deployment Procedures

File Size

Agent updates that do not include a new threat model only include the files that the Agent needs. On average, this is roughly 5 MB per agent version. Agent updates that contain a new threat model are roughly 350 MB. If you manually deploy Agents, a package is available from Dell Support.

Note: The Offline installer by Dell Support contains both an installer and an update package for 32 and 64-bit devices.

Simultaneous Device Updates

The number of simultaneous device updates is limited to 1000 devices at a time by default. This can be raised and lowered based on the needs of the environment. This is only possible to be done through Dell support. Reference the contact information at the bottom of this KB article for contact information.

Reviewing Results:

For New Agent Updates:

Check the Device Details page for each test computer, looking for items that are marked as Abnormal or Unsafe.

  1. Log in to the Dell Data Protection Remote Management Console.
  2. Select Enterprise, then click Advanced Threats, then select Agents. The Agent Details page displays.
  3. Click a device name from the Device List. The Device Details page displays.
  4. Look under Threats & Activities, review any items that are listed under Threats, Exploit Attempts, and Script Control (if enabled).
  5. For items that are considered Abnormal or Unsafe but should be allowed to run, you have a few options:
    • If the item should be allowed to run on all devices, then add it to the Global Safe List.
    • If the item should be allowed to run on a group of devices, but not all devices, then add it to a Policy Safe List.
    • If the item should be allowed to run on a single device, then Waive it for that device.

For New Model Updates:

Use the Production Status and New Status columns on the Protection page to review changes between the existing model and the new model. This provides information about any Cylance Score changes to items in your organization.

  1. Log in to the Dell Data Protection remote Management Console.
  2. Select Protection, then add the Classification, Production Status, and New Status columns.
  3. Look for changes between the Product Status and New Status columns. If any changes would impact your organization, you can either Safelist or Quarantine the item at the level that makes sense (Global, Policy, or Local).
Note: Leaving Auto-Update disabled means that your Agents are not receiving any new features, enhancements, or bug fixes until you decide to update. With updates occurring frequently, Agents become outdated quickly.

To contact support, reference Dell Data Security International Support Phone Numbers.
Go to TechDirect to generate a technical support request online.
For additional insights and resources, join the Dell Security Community Forum.

Affected Products

Dell Threat Defense, Dell Endpoint Security Suite Enterprise
Article Properties
Article Number: 000126627
Article Type: Solution
Last Modified: 02 Oct 2023
Version:  8
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.