
Does Sophos Update also include AV definition/signature updates?

I am changing Symantec AV for Sophos Intercept X, and I used to control the AV definitions/signatures. But now with Sophos I have found that we can control Sophos updates, but I wonder if that also includes the update of AV definitions. Could you please clarify? Can I control just the AV definition updates?

TIA,

Jaime L



  • Hello Jaime L,

    you can, to a certain extent, control software updates - detection data updates can't be delayed or suspended. What would be the purpose of this? Latest definitions should protect from latest threats. Why is it preferable to control definition updates?

    Christian

  • Hi Christian, I agree with you that it will be better to be updated all the time, but in the past we had a situation when AV definitions were corrupted and we had a big problem (using Symantec SEP). Since then we prefer to update just part of the devices first and update the rest of the systems later. That is why I am interested in looking for a way to do it, but it looks like it is not possible, right?

    Jaime L

  • Hello Jaime L,

    "in the past we had a situation"

    Who hadn't? 😓 Understandable, but it's not the best idea considering actual probabilities, possible kinds of "corruption" and whether your approach can detect all of them in time (well, you could just wait to see if other users encounter problems, you don't have to endanger your devices), and last but not least what difference a few hours can make in case of a malware campaign. Sure, there's Live Protection so a little updating latency is not as bad - but timely updates are also not as moot as one might think. The latter provide a "baseline" for Live Protection.

    "it is not possible"

    AFAIK - no. It never was, IIRC; all you could do (in the on-premise product) was stretch the interval between updates to a maximum of 1440 minutes. This feature has been withdrawn with Central/Intercept X (and for a reason, I assume). Botched definitions that cause big problems are very rare, veeeery veeeery rare. Late or missed updates have much more adverse potential.

    Christian
