loraXXarol said:
Hi, Bill -
I'm running WSUS to push out the updates, yes. However, there was a time
between the install of Defender and the install window of the WSUS
updates.
WSUS should work for you--I see that it is for others in these groups.
But, the question "Would you prefer that they had provided a mechanism
that
does an end run around the managements chosen control of updates?" doesn't
address the point that Defender *itself* was doing the end run - by a>
telling me that its definitions were old, b> trying to update itself BY
itself, and then c> failing.
If Defender is mandated on your desktops, then presumably you want it to be
current, so notification of that state is important. Windows Defender will
be part of a subscription product--Microsoft Client Protection:
http://www.microsoft.com/windowsserversystem/solutions/security/clientprotection/default.mspx
This will have heavy duty central management capabilities--and may be worth
your consideration. If your enterprise has a Microsoft contact person--ask
them about this product and whether beta testing opportunities may be
available later in the year.
So, no...I wouldn't prefer that - it just seems that's the way it is.
But, it *is* interesting that you bring up "a mechanism that does an end
run
arount the managements' chosen control of updates." It turns out - and I
have posted this elsewhere - that Defender has been asking my employees if
they want to disallow the firewall port exceptions that I've pushed out
using
AD GPO. While there IS a workaround available for this, it seems a little
out of whack compared to general MS permissioning methodology to have a
piece
of software behave that way.
And this was highlighted by KB articles written before Beta1 was released.
In beta2, I believe that there should be policy settings for this kind of
issue, but that the required templates are not yet available. So--you're
deploying unsupported beta code on production machines--something many of us
do--but there's always a risk, and what you mention is one such risk.
It *is* a beta, I understand that. That's one of the reasons why I am
posting, to try to bring these things to light prior to production
release.
And I appreciate the posts--they are helpful to others who are considering
the same actions--That's what newsgroups are all about. Thanks!