Is this busy work or normal?
Daneil3144
Member Posts: 152 ■■■□□□□□□□
Every other day or when there is downtime, I'm given the Symantec AntiVirus Logs by my supervisor.
(I've already gripped about downtime previously)
Anything that is over 7 days in terms of an update, I'm told to go that desktop and log in and update Symantec.
9/10 out of the reason, the virus update is over 7 days, is because the desktop is off or something. (Someone is on vacation or there is a vacancy)
Yet, the minute that someone logs into that computer, the antivirus is going to be updated anyways.
So, is there a purpose, that I don't understand of me having to manually go to that desktop and power it on or force an update?
Someone with a greater understanding, explain that to me.
(I've already gripped about downtime previously)
Anything that is over 7 days in terms of an update, I'm told to go that desktop and log in and update Symantec.
9/10 out of the reason, the virus update is over 7 days, is because the desktop is off or something. (Someone is on vacation or there is a vacancy)
Yet, the minute that someone logs into that computer, the antivirus is going to be updated anyways.
So, is there a purpose, that I don't understand of me having to manually go to that desktop and power it on or force an update?
Someone with a greater understanding, explain that to me.
Comments
-
albinorhino187 Member Posts: 117 ■■■□□□□□□□Maybe he likes to see all pretty green on the dashboard.CCIE RS - Written (Goal: July 2019) [ ] Lab [ ]
-
scaredoftests Mod Posts: 2,780 ModMaybe he wanted you to look through the logs to get used to it. Busy work during the downtime.Never let your fear decide your fate....
-
mikey88 Member Posts: 495 ■■■■■■□□□□albinorhino187 wrote: »Maybe he likes to see all pretty green on the dashboard.
Yes, all green is pretty.Certs: CISSP, CySA+, Security+, Network+ and others | 2019 Goals: Cloud Sec/Scripting/Linux -
ITSpectre Member Posts: 1,040 ■■■■□□□□□□Look at it like this....
Its more exp with symantec that you can talk about in a interview. When you can complete that he may give you more to do in addition to that work. No job is too small in the IT field.In the darkest hour, there is always a way out - Eve ME3 :cool:
“The measure of an individual can be difficult to discern by actions alone.” – Thane Krios -
ITSpectre Member Posts: 1,040 ■■■■□□□□□□Daneil3144 wrote: »
Yet, the minute that someone logs into that computer, the antivirus is going to be updated anyways.
It is better and more efficient to have the updates already, then to wait for the machine to update when you login. Therefore you are decreasing the wait time for people to be able to login and do their jobs.... increasing productivity and in turn you are gaining valuable experience doing those manual updates.In the darkest hour, there is always a way out - Eve ME3 :cool:
“The measure of an individual can be difficult to discern by actions alone.” – Thane Krios -
SteveLavoie Member Posts: 1,133 ■■■■■■■■■□Sure it seem a bit pointless, but if you are not busy either suggest other work to do or take what he give you. Also, perhaps your boss is trying to protect your job, you better look busy (even if it is pointless job) than to be considered lazy by other coworker (other dept).
-
MordyIT Member Posts: 25 ■■□□□□□□□□Send a magic packet and task the pc to turn off again at a certain time.
-
p@r0tuXus Member Posts: 532 ■■■■□□□□□□Great points by all the posters... maybe it's just busy work, maybe it justifies your job, maybe they're giving you a score of higher numbers of systems you helped protect (that always helps ;P) and then maybe they're actually putting something out there they hope you'll do or find. Maybe you could automate the entire process and show them how it works.
Downtime = OpportunityCompleted: ITIL-F, A+, S+, CCENT, CCNA R|S
In Progress: Linux+/LPIC-1, Python, Bash
Upcoming: eJPT, C|EH, CSA+, CCNA-Sec, PA-ACE -
EnderWiggin Member Posts: 551 ■■■■□□□□□□If there's a machine that isn't updating for some reason, it needs to be identified and remedied as soon as possible. If they're just not updating because they're off, no big deal. But one day there could be one that is having issues, and needs troubleshooting. If it gets ignored because machines are usually just off, then that machine continues to sit there without updated definitions, and results in security vulnerabilities.
-
EANx Member Posts: 1,077 ■■■■■■■■□□Are you able to get a report of machines that are 4-5 days out of date? If so, wander around and turn them on. It will reduce the number of machines your boss gives you.
-
UnixGuy Mod Posts: 4,570 ModFind a way to automate this task, maybe a good time to learn PowerShell?
-
DatabaseHead Member Posts: 2,754 ■■■■■■■■■■Find a way to automate this task, maybe a good time to learn PowerShell?
Automation becomes addicting. Not because you enjoy doing it, but because of the things you no longer have to do! -
TechGromit Member Posts: 2,156 ■■■■■■■■■□Find a way to automate this task, maybe a good time to learn PowerShell?
Or set up a re-occurring task, in task manger.Still searching for the corner in a round room. -
TheFORCE Member Posts: 2,297 ■■■■■■■■□□There can be various reason why an agent doesn't update. Instead of having an issues and complaining about the task why dont you find the root cause?
Surely if the AV agents doesnt update, IT will also have issues with machines not receiving all the necessary updates.
What you can do is instruct users to log off instead of shutting down their PC.
Learn how to ping a machine
Learn how to upgrade an agent remotely from the Symantec console.
The more you learn how to use the tool the less work you have to do. -
DatabaseHead Member Posts: 2,754 ■■■■■■■■■■TechGromit wrote: »Or set up a re-occurring task, in task manger.
That's where you schedule your scripts. -
ITSec14 Member Posts: 398 ■■■□□□□□□□To me, it sounds like he wants the green lights on his dashboard.
-
TheFORCE Member Posts: 2,297 ■■■■■■■■□□To me, it sounds like he wants the green lights on his dashboard.
Whats wrong with that? Green light means "all systems go". Isn't that the reason we do these jobs? -
xxxkaliboyxxx Member Posts: 466I never understood this. We all have to do the "grunt" work and put in our time. We all can't start off hacking the Matrix. I also agree with automation though, do you script yet? If not, might be a good time to begin or at least learn.Studying: GPEN
Reading: SANS SEC560
Upcoming Exam: GPEN -
powerfool Member Posts: 1,666 ■■■■■■■■□□Send a magic packet and task the pc to turn off again at a certain time.
This. Come up with a means to bring up systems to perform updates automatically and then have them shut down or go to sleep afterwards. That is creating real value and that is what you should be focusing on.2024 Renew: [ ] AZ-204 [ ] AZ-305 [ ] AZ-400 [ ] AZ-500 [ ] Vault Assoc.
2024 New: [X] AWS SAP [ ] CKA [ ] Terraform Auth/Ops Pro -
mbarrett Member Posts: 397 ■■■□□□□□□□There should be a way to force updates at a certain time...but yeah, that's busy work. Extremely low benefit from a risk perspective.
-
Daneil3144 Member Posts: 152 ■■■□□□□□□□Find a way to automate this task, maybe a good time to learn PowerShell?TechGromit wrote: »Or set up a re-occurring task, in task manger.
Unless, I am missing something with automation and powershell; this task is automatically automated by Symantec the minute the desktop hits the network.
They are powered off is the reason they aren't getting the update.
Unless there is something I can learn with automation that turns the desktop on after it is powered off.Learn how to upgrade an agent remotely from the Symantec console.
I know how to do this, but unless I'm ignorant of something, you can't do a remote update to a powered off machine. -
powerfool Member Posts: 1,666 ■■■■■■■■□□Daneil3144: but if there is some critical update that comes out, you don't want machines to be too far behind. I have seen situations where machines have become infected within 3 minutes of being powered on because they weren't patched. It is a good practice to routinely keep systems up to date. Letting them sit there unpatched and offline is fine, but when you power them back on, it creates an issue.
Alternatively to automating them powering back on for updates, you could implement some NAP/NPS solution that places machines into a quarantined network to get updates until they have been remediated.2024 Renew: [ ] AZ-204 [ ] AZ-305 [ ] AZ-400 [ ] AZ-500 [ ] Vault Assoc.
2024 New: [X] AWS SAP [ ] CKA [ ] Terraform Auth/Ops Pro -
mbarrett Member Posts: 397 ■■■□□□□□□□I thought Symantec goes out & checks for updates when it starts up? If not there should be a way to put this in the startup script or GPO so it grabs updates while it's coming up.
-
Daneil3144 Member Posts: 152 ■■■□□□□□□□I thought Symantec goes out & checks for updates when it starts up? .
It does! That's my entire point. -
TheFORCE Member Posts: 2,297 ■■■■■■■■□□Daneil3144 wrote: »
It does! That's my entire point.
Like I said earlier, educate your user base to not shut down their PC, instead they should only log off.
I can see a reason why he is making you power them on. Maybe he is running reports and wants to see all the metrics are close to 99% or 100. Maybe he is presenting those metrics to IS meetings and so on and wants to show good security posture.
Why dont you ask or tell him that it is unnecessary? Maybe he will tell you his reason. I always ask when i dont understand the reason of something that I'm asked to do. Never someone has told me not to ask. -
Daneil3144 Member Posts: 152 ■■■□□□□□□□Like I said earlier, educate your user base to not shut down their PC, instead they should only log off.
I can see a reason why he is making you power them on. Maybe he is running reports and wants to see all the metrics are close to 99% or 100. Maybe he is presenting those metrics to IS meetings and so on and wants to show good security posture.
Why dont you ask or tell him that it is unnecessary? Maybe he will tell you his reason. I always ask when i dont understand the reason of something that I'm asked to do. Never someone has told me not to ask.
Why are you under the impression, that I haven't asked? The answer I received didn't make sense to me; generalized 'security risk' response. But, he's my supervisor and I'll take what he says. He's been here for 20+ years, with a high school education/no certs. But it is, what it is.
So, I decided to ask this forum with people who have a vast array of knowledge.
And; FYI, he tells the user base to shut off PCs so they can receive group policy updates.
Edit: Also, he tells them to turn it off to clear any 'gunk' that the computer has stored throughout the day. -
TechGromit Member Posts: 2,156 ■■■■■■■■■□Is there a GPO that removes the shutdown option?
Yes there is, but it doesn't protect pulling the power plug.Still searching for the corner in a round room. -
thomas_ Member Posts: 1,012 ■■■■■■■■□□They could also hold down the power button, but I'm banking on the fact that users would be too lasy to pull the power cord or hold the power button down and instead just select restart or sleep. It seems like getting the users to restart the computer would be the better option.