How to best apply GFI Languard for Remediation? [message #150602]
Mon, 06 December 2021 02:15
Registered: February 2020
I've been using GFI Languard actively for some time now. So, I'd say that I've progressed beyond "novice" and have become a productive user. But, I wonder if it isn't possible to do better?
As background, I should mention that we don't allow GFI Languard to automatically upgrade Windows OS - to avoid serious upgrade problems we've experienced in the past.
So, that's just a given that will require some manual effort when Windows OS updates are available and desired.
Beyond that, here is what our process has evolved into:
1) Use Agents throughout.
2) Scan all the computers once every 24 hours.
So, if this were completely successful then we'd only have to deal with Windows OS updates manually or semi-manually (we can manually cause GFI Languard to launch Windows OS updates).
There are still things I don't understand about how GFI Languard sequences some things:
For background and to illuminate my ignorance, it appears that:
- there will be a scan
- the scan will compare against a version database or vulnerability database
- when the scan is done, the vulnerabilities will be enumerated.
- on the next scan, the updates needed for those vulnerabilities will be installed.
So, there is nominally a 24-hour delay between detection and remediation ... is that right?
And, if this is the case then the worst-case delay would be 48 hours with our 24-hour scan interval (if an update appears in the database just after the last scan).
I'm not complaining here, just trying to tie down the timeline.
My impression is that a single scan will not both determine need for updates AND update as part of the same scan.
Otherwise, why do I see computers needing certain updates at all?
So, some discussion on how things are lined up in time (or MAY BE lined up in time) would be useful I should think.
It may seem rather clunky but here is a process that I've come up with. It works but it's a bit labor-intensive:
Open up GFI Languard and look at the color-coded icons alongside each computer and computer group.
Study things a bit to find common vulnerabilities.
Gather up computers with a common vulnerability and remediate them all at once.
Or, for examination purposes do them one at a time perhaps.
Some of the computers will show that they require a reboot (is this a result of a choice we've made?)
So, one can reboot those computers needing it.
At this point, I see no way to know if it happened and the need-for-reboot message remains.
It appears that asking for another scan of those computers will clear this - but doing this takes time so it's not so efficient.
OK, so now there are computer vulnerabilities that have been remediated and the computers have been rebooted if necessary.
Also, it appears that the result of the remediation won't be showing unless another scan is done.
Because there seems to be no way to tell just where a computer is in this sequence of events (I don't think there's a "standard sequence" of events here), I started using a spreadsheet scratchpad.
List all the computers needing attention in the first column.
Note what was done first to each computer in the 2nd column.
Note what was done second to each computer in the 3rd column.
Note what was done 3rd to each computer in the 4th column.
When a computer is showing a colored icon that is DARK GREEN, delete this row from the spreadsheet.
As a result, I can look at the spreadsheet and determine if a computer was remediated only, remediated and rebooted or remediated, rebooted and scanned.
Doing this saves scanning when it isn't necessary, for example scanning just to determine if a computer has been rebooted.
I should say that this works just fine, particularly with the spreadsheet to guide dealing with many computers at once.
But I have to wonder if it isn't just a bit more awkward and time-consuming than necessary?
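The spreadsheet in the post exists because the console gives no way to tell, without another scan, whether a remediated computer has actually been rebooted. The Windows side of that question can be answered directly: the OS records its last boot time and sets well-known registry flags while a reboot is still pending. The script below is an added example written for this thread, not GFI LanGuard code and not something the poster described; it takes a constructed CSV of computers and the time each was remediated (this file and its column names are assumptions), asks each machine whether it has booted since then and whether it still reports a pending reboot, and writes back a CSV in the shape of the scratchpad with a suggested next action. It assumes WinRM/CIM remoting is enabled on the targets and that the account running it is a local administrator on them.

```powershell
# Added example: answer "has it rebooted since remediation, and is a reboot still pending?"
# without rescanning. Not part of GFI LanGuard; uses only the OS's own view of reboot state.
# Assumptions: WinRM enabled on targets, local admin rights, clocks roughly in sync.
param(
    # Constructed input: one row per computer, columns Computer,RemediatedAt
    # e.g.  Computer,RemediatedAt
    #       ws-017,2021-12-06 08:10
    [string]$InputCsv  = '.\remediated.csv',
    [string]$OutputCsv = '.\remediation-state.csv'
)

function Get-RemediationState {
    param(
        [Parameter(Mandatory)][string]$ComputerName,
        [Parameter(Mandatory)][datetime]$RemediatedAt
    )
    $result = [ordered]@{
        Computer      = $ComputerName
        RemediatedAt  = $RemediatedAt
        LastBoot      = $null
        RebootedSince = $null
        RebootPending = $null
        Error         = $null
    }
    try {
        # LastBootUpTime is the OS's own record; a boot after RemediatedAt means the reboot happened.
        $os = Get-CimInstance -ClassName Win32_OperatingSystem -ComputerName $ComputerName -ErrorAction Stop
        $result.LastBoot      = $os.LastBootUpTime
        $result.RebootedSince = $os.LastBootUpTime -gt $RemediatedAt

        # Pending-reboot flags set by servicing, Windows Update and installers respectively.
        $result.RebootPending = Invoke-Command -ComputerName $ComputerName -ErrorAction Stop -ScriptBlock {
            $cbs = Test-Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\Component Based Servicing\RebootPending'
            $wu  = Test-Path 'HKLM:\SOFTWARE\Microsoft\Windows\CurrentVersion\WindowsUpdate\Auto Update\RebootRequired'
            $sm  = Get-ItemProperty 'HKLM:\SYSTEM\CurrentControlSet\Control\Session Manager' -ErrorAction SilentlyContinue
            $pfr = $null -ne $sm.PendingFileRenameOperations
            $cbs -or $wu -or $pfr
        }
    } catch {
        # Unreachable or access denied: record it rather than guessing a state.
        $result.Error = $_.Exception.Message
    }
    [pscustomobject]$result
}

function Get-NextAction {
    param([Parameter(Mandatory)][pscustomobject]$State)
    if ($State.Error)              { return "Unreachable: $($State.Error)" }
    if (-not $State.RebootedSince) { return 'Reboot (not restarted since remediation)' }
    if ($State.RebootPending)      { return 'Reboot again (OS still reports a pending reboot)' }
    return 'Rescan to clear status (rebooted, nothing pending)'
}

$report = Import-Csv -Path $InputCsv | ForEach-Object {
    $state = Get-RemediationState -ComputerName $_.Computer -RemediatedAt ([datetime]$_.RemediatedAt)
    $state | Add-Member -NotePropertyName NextAction -NotePropertyValue (Get-NextAction $state) -PassThru
}

$report | Export-Csv -Path $OutputCsv -NoTypeInformation
$report | Format-Table Computer, LastBoot, RebootedSince, RebootPending, NextAction -AutoSize
```

Two caveats when reading the output: PendingFileRenameOperations is also set by ordinary installers, so a "pending" result can be unrelated to patching, and the console's own "requires reboot" flag is whatever the last scan recorded, so a machine this script reports as rebooted with nothing pending will still show that flag until it is rescanned. The script replaces the manual "was it rebooted?" check, not the final scan that updates the console.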