Use specific pattern version

Hi,

we're already using Sophos on our Windows Server and we are now evaluating the use of Sophos on our cash box systems.

The requirement from this department is to test new pattern versions in a test environment before deploying them.

I know that Sophos releases several pattern updates per day and that you should always use the latest pattern versions to be safe, but in this specific case, we have to test the pattern versions before deploying them.

The risk that a false-positive may block core components of our cashbox system and thousands of our customers can't pay in our shops is much higher than getting infected by malware because we are using multilevel firewalls, application whitelisting,...

So is it possible e.g. to test the latest pattern version on a test group for 1 day (with no automatic update of the pattern version) and, if no problems occurred, deploy this version to the productive systems?

I know I can do this with software subscriptions for the scan engine. But is something like that possible for the scan engine?

Thanks.

  • Hello shawn_38,

    "test new pattern versions"

    let's stick to the term IDEs, these aren't patterns.

    Nitpicking aside, I understand your concerns. I'm not sure though that your risk assessment is correct (not that I claim to be an expert). Do I understand correctly that your systems are "connected to the Internet"? Otherwise, what could be a potential path of infection (in other words, how could a threat get in) and what kind of threats do you expect could make it through your other defences?

    I see no simple way (if it is feasible at all) to add a time delay to the distribution of the IDEs. It's contrary to the design of the updating process which should always give you the latest available threat detection data (not necessarily the software) and the same for all subscriptions. Furthermore you can't schedule threat detection data updates, just define an interval.

    Christian
