cancel
Showing results for 
Search instead for 
Did you mean: 

DAT Updates

Good day

I was wondering if anyone had any policy or procedure in place for what is and isnt an acceptable time frame for PCs to be out of date on the DAT. I would say 7-14 days is ok and anything after that needs to be investigated for problems.

Any thoughts would be appreciated.

thanks

Paul
2 Replies
Tefty
Level 7
Report Inappropriate Content
Message 2 of 3

RE: DAT Updates

Paul,

I am the EPO administrator in our company (1 of many of my tasks).

I consider anything more than 5 DATS out of date to be an issue, my environment however does not have remote users and i only have to deal with AV on a PC and Server basis.

Unfortunately as well i am having to run with the old VSE 8.0 and EPO 3.5 due to the way our Workstation and Server builds are.

I have created a lovely new shiny EPO 4.0 server and VSE 8.8i build but have been put on hold for implementation Smiley Sad

With the current state of viruses and trojans i would not take the risk of 2 weeks.

Also it is dependant on where your EPO server is located and whether you have to cap the ammount of users accessing it at any 1 time.
Travler
Level 10
Report Inappropriate Content
Message 3 of 3

RE: DAT Updates

Our system is set up so that any system who's dat is more than 14 days out goes to an Inactive Agent group. This group has rules to Install the ePO agent, VSE 8.5, and the anti-spyware module. (Since we've been using McAfee products for years, I also have a rule for this group to Remove VSE 8.0, just in case.) Most machines at this point still need individual attention, but at least this setup catches some of them.

The only problem with setting it up this way is that if any system 14 days out was a member of a group with special rules (normally exclusions but we also have some other groups with mail rules and buffer overflow changes) then these rules will be discarded until I manually move the system back to its proper group. So I do have to monitor this group on a regular basis.

As for 14 days: sadly, we sometimes don't have the manpower to check machines even that far out in a timely manner, so I know that making the cutoff less wouldn't really result in machines getting maintenance any faster. Plus, our network does have multiple layers of protection, so that helps mitigate our risk.