Today we're going to talk about the best (and worst) methods for Windows Defender definition/intelligence updates and how to configure them.

> Defender/SCEP ProTip (not from the product team but somebody else that sees how it fucks up):
> SCCM is the absolute weakest link in AV update distribution for most enterprises. The layers of complexity, lack of monitoring, and general aloofness by staff means it just stays broken.
>
> (SwiftOnSecurity, January 29, 2020)

This post from SwiftOnSecurity got me thinking about the way we handle our fallback for definition/intelligence updates, and while I was originally planning on a broader coverage of things like exclusions and other policy settings, this article alone started getting way too long :)

As the above tweet indicates, ConfigMgr is definitely not the best update tool for Windows Defender. We've traditionally used Windows Update as the primary update source and then relied on ConfigMgr/WSUS as fallback methods.

While this works, it's pretty terrible because the following has to happen:

First, ConfigMgr tells WSUS to sync with Windows Updates, then it approves the definition update, then it downloads the definition update which means a new revision of the package which now needs to be replicated out to the distribution points. Once the agents on your clients check in and figure out there are updates available, they download the package to the client, kick off the install, and then the agent at some point will report back to ConfigMgr that updates have completed.

To make this work effectively, Update Synchronization, Automatic Deployment Rule, and agent check-in must all be very frequent (plus dealing with timing windows), and then you end up looking like this:

Options for Update Sources

There are 5 update sources available for Definition / Intelligence Updates: Microsoft Update, UNC file shares, WSUS, Configuration Manager, MS Malware Protection Center. That's actually the order of precedence that I use, and while everyone's situation may be different, I think it is helpful to define how each works, when and where we would rely on each, and why.