
Is this busy work or normal?

Daneil3144 Member Posts: 152
Every other day or when there is downtime, I'm given the Symantec AntiVirus Logs by my supervisor.
(I've already griped about downtime previously)

Anything that is over 7 days in terms of an update, I'm told to go to that desktop and log in and update Symantec.

9 times out of 10, the reason the virus update is over 7 days is because the desktop is off or something. (Someone is on vacation or there is a vacancy.)

Yet, the minute that someone logs into that computer, the antivirus is going to be updated anyways.

So, is there a purpose that I don't understand for me having to manually go to that desktop and power it on or force an update?

Someone with a greater understanding, explain that to me.

Comments

  • albinorhino187 Member Posts: 117
    Maybe he likes to see all pretty green on the dashboard.
    CCIE RS - Written (Goal: July 2019) [ ] Lab [ ]
  • scaredoftests Mod Posts: 2,780
    Maybe he wanted you to look through the logs to get used to it. Busy work during the downtime.
    Never let your fear decide your fate....
  • mikey88 Member Posts: 495
    Maybe he likes to see all pretty green on the dashboard.

    Yes, all green is pretty.
    Certs: CISSP, CySA+, Security+, Network+ and others | 2019 Goals: Cloud Sec/Scripting/Linux

  • ITSpectre Member Posts: 1,040
    Look at it like this....

    It's more exp with Symantec that you can talk about in an interview. When you can complete that he may give you more to do in addition to that work. No job is too small in the IT field.
    In the darkest hour, there is always a way out - Eve ME3 :cool:
    “The measure of an individual can be difficult to discern by actions alone.” – Thane Krios
  • ITSpectre Member Posts: 1,040
    Daneil3144 wrote: »

    Yet, the minute that someone logs into that computer, the antivirus is going to be updated anyways.

    It is better and more efficient to have the updates already than to wait for the machine to update when you log in. Therefore you are decreasing the wait time for people to be able to log in and do their jobs.... increasing productivity and in turn you are gaining valuable experience doing those manual updates.
    In the darkest hour, there is always a way out - Eve ME3 :cool:
    “The measure of an individual can be difficult to discern by actions alone.” – Thane Krios
  • SteveLavoie Member Posts: 1,133
    Sure, it seems a bit pointless, but if you are not busy, either suggest other work to do or take what he gives you. Also, perhaps your boss is trying to protect your job; you had better look busy (even if it is a pointless job) than be considered lazy by other coworkers (other dept).
  • MordyIT Member Posts: 25
    Send a magic packet and task the pc to turn off again at a certain time.
  • p@r0tuXus Member Posts: 532
    Great points by all the posters... maybe it's just busy work, maybe it justifies your job, maybe they're giving you a score of higher numbers of systems you helped protect (that always helps ;P) and then maybe they're actually putting something out there they hope you'll do or find. Maybe you could automate the entire process and show them how it works.

    Downtime = Opportunity
    Completed: ITIL-F, A+, S+, CCENT, CCNA R|S
    In Progress: Linux+/LPIC-1, Python, Bash
    Upcoming: eJPT, C|EH, CSA+, CCNA-Sec, PA-ACE
  • EnderWiggin Member Posts: 551
    If there's a machine that isn't updating for some reason, it needs to be identified and remedied as soon as possible. If they're just not updating because they're off, no big deal. But one day there could be one that is having issues, and needs troubleshooting. If it gets ignored because machines are usually just off, then that machine continues to sit there without updated definitions, and results in security vulnerabilities.
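
The triage described in the post above, separating machines that are stale only because they are powered off from machines that are online yet still not updating, can be scripted. This is an added example, not part of the thread and not Symantec's own tooling; the CSV columns (ComputerName, DefinitionDate, LastCheckIn), the sample rows, the one-day "recently seen" window and the function name Get-StaleClientTriage are all constructed assumptions, not the console's real export format.

```powershell
# Constructed sample data: stands in for a stale-client report exported to CSV.
# Column names are assumptions, not Symantec's real export schema.
$sampleCsv = @'
ComputerName,DefinitionDate,LastCheckIn
HR-PC-014,2019-03-01,2019-03-01
FIN-PC-002,2019-03-02,2019-03-14
LAB-PC-031,2019-03-13,2019-03-14
VACANT-PC-7,2019-02-10,2019-02-11
'@

function Get-StaleClientTriage {
    param(
        [Parameter(Mandatory)] [object[]] $Clients,
        [Parameter(Mandatory)] [datetime] $AsOf,
        [int] $MaxDefinitionAgeDays = 7,   # threshold used in the thread
        [int] $RecentCheckInDays = 1       # assumption: "online" = checked in within a day
    )
    $culture = [System.Globalization.CultureInfo]::InvariantCulture
    foreach ($c in $Clients) {
        $defDate = [datetime]::ParseExact($c.DefinitionDate, 'yyyy-MM-dd', $culture)
        $checkIn = [datetime]::ParseExact($c.LastCheckIn, 'yyyy-MM-dd', $culture)
        $defAge  = ($AsOf - $defDate).Days
        $seenAge = ($AsOf - $checkIn).Days

        if ($defAge -le $MaxDefinitionAgeDays) { continue }   # definitions current: not reported

        # Recently seen by the console but still stale: the agent is failing to update.
        $status = if ($seenAge -le $RecentCheckInDays) { 'Investigate' } else { 'Offline' }
        [pscustomobject]@{
            ComputerName      = $c.ComputerName
            DefinitionAgeDays = $defAge
            LastSeenDaysAgo   = $seenAge
            Status            = $status
        }
    }
}

# Run the triage over the constructed rows with a fixed, constructed report date.
$clients = $sampleCsv | ConvertFrom-Csv
Get-StaleClientTriage -Clients $clients -AsOf ([datetime]'2019-03-15') |
    Sort-Object Status, @{ Expression = 'DefinitionAgeDays'; Descending = $true } |
    Format-Table -AutoSize
```

Rows marked Investigate checked in recently yet still carry old definitions, so they are the ones that need troubleshooting; rows marked Offline match the powered-off case the original poster describes.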
  • EANx Member Posts: 1,077
    Are you able to get a report of machines that are 4-5 days out of date? If so, wander around and turn them on. It will reduce the number of machines your boss gives you.
  • UnixGuy Mod Posts: 4,565
    Find a way to automate this task, maybe a good time to learn PowerShell? :)
    Certs: GSTRT, GPEN, GCFA, CISM, CRISC, RHCE

    Learn GRC! GRC Mastery : https://grcmastery.com 

  • DatabaseHead Member Posts: 2,753
    UnixGuy wrote: »
    Find a way to automate this task, maybe a good time to learn PowerShell? :)

    Automation becomes addicting. Not because you enjoy doing it, but because of the things you no longer have to do!
  • TechGromit Member Posts: 2,156
    UnixGuy wrote: »
    Find a way to automate this task, maybe a good time to learn PowerShell? :)

    Or set up a re-occurring task, in task manager.
    Still searching for the corner in a round room.
  • TheFORCE Member Posts: 2,297
    There can be various reasons why an agent doesn't update. Instead of having an issue and complaining about the task, why don't you find the root cause?

    Surely if the AV agents don't update, IT will also have issues with machines not receiving all the necessary updates.

    What you can do is instruct users to log off instead of shutting down their PC.
    Learn how to ping a machine.
    Learn how to upgrade an agent remotely from the Symantec console.
    The more you learn how to use the tool the less work you have to do.
  • DatabaseHead Member Posts: 2,753
    TechGromit wrote: »
    Or set up a re-occurring task, in task manager.

    That's where you schedule your scripts.
  • ITSec14 Member Posts: 398
    To me, it sounds like he wants the green lights on his dashboard.
  • TheFORCE Member Posts: 2,297
    ITSec14 wrote: »
    To me, it sounds like he wants the green lights on his dashboard.

    What's wrong with that? Green light means "all systems go". Isn't that the reason we do these jobs?
  • xxxkaliboyxxx Member Posts: 466
    I never understood this. We all have to do the "grunt" work and put in our time. We all can't start off hacking the Matrix. I also agree with automation though, do you script yet? If not, might be a good time to begin or at least learn.
    Studying: GPEN
    Reading: SANS SEC560
    Upcoming Exam: GPEN
  • powerfool Member Posts: 1,666
    MordyIT wrote: »
    Send a magic packet and task the pc to turn off again at a certain time.

    This. Come up with a means to bring up systems to perform updates automatically and then have them shut down or go to sleep afterwards. That is creating real value and that is what you should be focusing on.
    2024 Renew: [ ] AZ-204 [ ] AZ-305 [ ] AZ-400 [ ] AZ-500 [ ] Vault Assoc.
    2024 New: [X] AWS SAP [ ] CKA [ ] Terraform Auth/Ops Pro
  • mbarrett Member Posts: 397
    There should be a way to force updates at a certain time...but yeah, that's busy work. Extremely low benefit from a risk perspective.
  • Daneil3144 Member Posts: 152
    UnixGuy wrote: »
    Find a way to automate this task, maybe a good time to learn PowerShell? :)
    TechGromit wrote: »
    Or set up a re-occurring task, in task manager.

    Unless I am missing something with automation and PowerShell, this task is automatically automated by Symantec the minute the desktop hits the network.

    They are powered off is the reason they aren't getting the update.

    Unless there is something I can learn with automation that turns the desktop on after it is powered off.
    TheFORCE wrote: »
    Learn how to upgrade an agent remotely from the Symantec console.

    I know how to do this, but unless I'm ignorant of something, you can't do a remote update to a powered off machine.
  • powerfool Member Posts: 1,666
    Daneil3144: but if there is some critical update that comes out, you don't want machines to be too far behind. I have seen situations where machines have become infected within 3 minutes of being powered on because they weren't patched. It is a good practice to routinely keep systems up to date. Letting them sit there unpatched and offline is fine, but when you power them back on, it creates an issue.

    Alternatively to automating them powering back on for updates, you could implement some NAP/NPS solution that places machines into a quarantined network to get updates until they have been remediated.
    2024 Renew: [ ] AZ-204 [ ] AZ-305 [ ] AZ-400 [ ] AZ-500 [ ] Vault Assoc.
    2024 New: [X] AWS SAP [ ] CKA [ ] Terraform Auth/Ops Pro
  • mbarrett Member Posts: 397
    I thought Symantec goes out & checks for updates when it starts up? If not there should be a way to put this in the startup script or GPO so it grabs updates while it's coming up.
  • Daneil3144 Member Posts: 152
    mbarrett wrote: »
    I thought Symantec goes out & checks for updates when it starts up?

    It does!
    That's my entire point.
  • TheFORCE Member Posts: 2,297
    Daneil3144 wrote: »

    It does!
    That's my entire point.

    Like I said earlier, educate your user base to not shut down their PC, instead they should only log off.
    I can see a reason why he is making you power them on. Maybe he is running reports and wants to see all the metrics are close to 99% or 100. Maybe he is presenting those metrics to IS meetings and so on and wants to show good security posture.
    Why don't you ask or tell him that it is unnecessary? Maybe he will tell you his reason. I always ask when I don't understand the reason for something that I'm asked to do. No one has ever told me not to ask.
  • Daneil3144 Member Posts: 152
    TheFORCE wrote: »
    Like I said earlier, educate your user base to not shut down their PC, instead they should only log off.
    I can see a reason why he is making you power them on. Maybe he is running reports and wants to see all the metrics are close to 99% or 100. Maybe he is presenting those metrics to IS meetings and so on and wants to show good security posture.
    Why don't you ask or tell him that it is unnecessary? Maybe he will tell you his reason. I always ask when I don't understand the reason for something that I'm asked to do. No one has ever told me not to ask.

    Why are you under the impression, that I haven't asked? The answer I received didn't make sense to me; generalized 'security risk' response. But, he's my supervisor and I'll take what he says. He's been here for 20+ years, with a high school education/no certs. But it is, what it is.

    So, I decided to ask this forum with people who have a vast array of knowledge.

    And; FYI, he tells the user base to shut off PCs so they can receive group policy updates.

    Edit: Also, he tells them to turn it off to clear any 'gunk' that the computer has stored throughout the day.
  • thomas_ Member Posts: 1,012
    Is there a GPO that removes the shutdown option?
  • TechGromit Member Posts: 2,156
    thomas_ wrote: »
    Is there a GPO that removes the shutdown option?

    Yes there is, but it doesn't protect pulling the power plug. :)
    Still searching for the corner in a round room.
  • thomas_ Member Posts: 1,012
    They could also hold down the power button, but I'm banking on the fact that users would be too lazy to pull the power cord or hold the power button down and instead just select restart or sleep. It seems like getting the users to restart the computer would be the better option.
  • Blucodex Member Posts: 430
    It's not "busy work".