Jasper Fiet’s second presentation of the conference focused on Patch and AV for the N-central® solution, covering everything from how to set them up correctly to troubleshooting problems and keeping them cleaned and maintained.
Starting with patch management, Jasper set out the key background points:
Jasper started off with a live demo showing how to create maintenance windows and when to perform a patch detection, and explained how to download and install patches. He then ran through some of the key capabilities of patch management, including:
When approved, patches get downloaded according to your download schedule. If they are downloaded to the probe, the patches get distributed immediately. If not, they will be stored until the next installation schedule. Reboots will only occur if the installed patches require it and the reboot window permits it. Major updates are tested roughly once a week by N-central and then released afterwards.
Jasper continued by working through some of the key areas that people get wrong with patch management.
“Maintenance windows can be an area of confusion for people,” he said. “If you set a window to install patches between 2am and 4am, it will start at any point it is able to during that window, and will only run once. The only reason we have a window with a long time frame is that if devices are not online, the patching process can start at another time during that window.
“Some people think setting a maintenance window for 30 minutes means it will only run for a maximum of 30 minutes—that’s not the intention. On top of this, you need to complete daily detection for patches; if you don’t, you can easily lose track of how your patch management program is going.”
Jasper also noted that users often create all their configurations at the customer level. “This means they don’t have an overview of what’s going on,” he warned. “By doing this on the highest level, you enable yourself to see what you have done for all your customers, and who has what applied.”
You also need to make sure you keep your patch management healthy. “This means monitoring how things are going, but also checking if any patches have been misconfigured or lack information,” said Jasper. “This is maybe worse than a failed installation, as you have no idea how the patch is actually going. You can set up the patch system to send a notification if this happens.”
Jasper supplied a number of resources for troubleshooting patches if they don’t install properly, including: update.microsoft.com and http://sis.n-able.com (third-party patching). Beyond that, he said it was a three-step process:
“In summary,” Jasper concluded, “make sure you configure your maintenance windows and rules correctly, that you run a daily patch detection window, that you keep your patching system healthy—maintain patching via the patch status service, and keep up-to-date with the latest patch management releases.”
The antivirus in N-central—AV Defender—is fully controllable from within the product and doesn’t require a separate console, so everything is accessed via a single pane of glass. It also allows for the following:
Jasper drew attention to some configuration points, including the ability to exclude things, define where to scan, and choose where to get updates from. He also highlighted some areas users tend to overlook: for example, we’ve released new modules that are not automatically enabled, such as scan vaccine, which is good against ransomware; behaviour analysis; the ability to create general profiles or customer-specific roles; and different modules sold as premium features.
As well as talking about how to perform installs and where to get updates from, Jasper focused on some key areas of AV best practice. “A lot of people do a full scan of the whole machine, but for AV Defender, you don’t really need that,” he explained. “You only need to scan files that are inactive, as every file that is opened will be scanned. A full scan is recommended on a monthly, not weekly, basis. And since there is a CPU load from that, we suggest you do this outside of patch or backup windows. The primary reason we get high CPU loads is because we scan archive files, which means we have to unpack the files.”
Another element of best practice is keeping the system healthy. “You need to make sure you know when your AV is not reporting as much as when it is reporting in viruses,” said Jasper. “AV Defender will supply you with data on misconfigurations to help you ensure you know exactly what is going on with all your devices.”
Jasper concluded by looking at two further functions, the Sys-tray icon and the reporting functionality. With Sys-tray, it’s crucial to know when to use the notifications. “If you show alerts to your end users, they are going to phone your office and say, ‘hey, I got a virus,’ or ‘something is happening on my machine,’” said Jasper. “This is only handy if your customer is on an hourly contract, but if your customer is on a fully managed program, you don’t want them to call you all the time. You already know the issue.”
Adding to this, Jasper provided a walkthrough on how to manage the Sys-tray settings.
Finally, he looked at reporting. “The reporting functionality allows you to take your service to the next level and actually start being an advisor to your customers,” Jasper elaborated. “Being able to see the top 10 devices with the most infections means, for example, that you could see that the person in HR with access to lots of sensitive data is getting the most infections, so instead of just being the techy guys, you can advise your customer on this and suggest training or other interventions for the company to consider.”
Jasper Fiet is manager, sales engineering EMEA, for SolarWinds MSP
© 2018 SolarWinds MSP UK Ltd. All rights reserved.