CPUG

The Check Point User Group

A Resource For The Check Point Community.  Fast.  Useful.  Independent.

1. Come to CPUG CON 2008 EUROPE in Switzerland on September 8th - 9th!
    Two days full of technical content for Check Point administrators in the beautiful Swiss Alps!
    We already have 72 attendees signed up from 20 countries!
2. CCSA/CCSE One-Week Dual-Certification Training Course with CPUG in San Francisco!
    Courses Starting 10/6, 11/3, 12/8, (2009) 1/19, 2/9, 3/9, 4/6, 5/4, 6/8, 7/6, 8/3, 9/7.
3. Corrent S3500 SecureXL Turbocards For Sale - Last Six Remaining - Get Your Spares!
4. Join Us On LinkedIn - We now have a CPUG group.


Go Back   CPUG: The Check Point User Group > Internal Security > Endpoint Security (Formerly Integrity)
Reload this Page Integrity enforcement checks and remediation
Register FAQ Members List Calendar Search Today's Posts Mark Forums Read

Reply
 
LinkBack Thread Tools Display Modes
  #1 (permalink)  
Old 2006-11-09
Steve Steve is offline
Junior Member
  
Join Date: 2006-05-02
Posts: 23
Rep Power: 0
Steve has an average reputation (10+)
Default Integrity enforcement checks and remediation
I want my integrity clients to be checked for their symantec DAT version. If this is too out of date I want the remediaition to force them to update from my internal AV server.

I have enabled all the relevant firewall ports - i.e allowing communication from client to AV server over AV ports without SVC checks, but my symantec guy says there is no way we can force the client to do an upgrade. All they suggest is we get the AV server to poll the clinets every 10 minutes.

This way my clients may have to wait 10 mins to become compliant and be allowed in.

This is no good. Has anyone set up a likewise remediaition? If this is all symantec has to offer I could do this with a manually created SVC file.
Reply With Quote
  #2 (permalink)  
Old 2006-11-27
RobertGraham RobertGraham is offline
Senior Member
  
Join Date: 2006-02-02
Posts: 204
Rep Power: 3
RobertGraham has an average reputation (10+)
Send a message via MSN to RobertGraham Send a message via Yahoo to RobertGraham
Default Re: Integrity enforcement checks and remediation
The only way I can think of doing this is to write a batch file or some sort that downloads the most recent DAT file from the Symantec server every day and renames it to something like dailydat.exe.

Then, use this generic name in your auto-remediation configuration. I haven't tested this, but it should work. The only problem would be when someone tries to auto-remediate while the download is running. Ideally, you have a two day window and get the DAT daily.

Let me know if I haven't explained this clearly.
Reply With Quote
Reply

« Previous Thread | Next Thread »
Thread Tools
Display Modes
Linear Mode Linear Mode

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts
BB code is On
Smilies are Off
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On



All times are GMT -7. The time now is 22:07.

Contact Us - CPUG Home Page - Archive - Top

Powered by vBulletin® Version 3.7.2
Copyright ©2000 - 2008, Jelsoft Enterprises Ltd.
LinkBacks Enabled by vBSEO 3.0.0