Cousin Vinny 6 Posted November 30, 2021 Posted November 30, 2021 Logging in this morning I see a message in the console stating that automatic updates will be enabled for the products on my network beginning January 29th, 2022. How do I prevent my products from auto-updating? The notification offers no options to disable, only configure an policy that I am unsure will prevent this from happening. Whoever thought automatically updating production machines without being able to test in a controlled environment is smoking crack. They must have forgotten about Webroot bricking thousands of customers machines via an auto update ~5 years ago, but I didn't.
Administrators Marcos 5,453 Posted November 30, 2021 Administrators Posted November 30, 2021 In order to update Endpoint v8 to the latest version 8.1.2037 automatically, you must first enable auto updates via a policy. If you have them disabled like in the screenshot below, Endpoint will not update automatically: Quote Whoever thought automatically updating production machines without being able to test in a controlled environment Endpoint v8.1.2037 was released on September 21, ie. more than 2 months before which gave a plenty of time to test it. There will always be 1-2 month gap between the release and automatic update to the latest version. Plus you can enable pre-release updates on machines where you want to test the latest version in advance. As of Endpoint v9, it won't be possible to disable auto updates but there will still be an option to pause them.
Cousin Vinny 6 Posted November 30, 2021 Author Posted November 30, 2021 I'm just specifically pointing out what you address in the last sentence, that beyond Endpoint v9 or 1/29/22 we will lose the ability to disable auto updates. Will we be able to pause/delay updates via policy or do they have to be paused on a per-client basis? For how long will you be able to defer these automatic updates? This bugs me out Marcos, if there is even the slightest possibility that program updates can be forced onto my network without approval I do not see how I could possibly continue using this product.
Administrators Marcos 5,453 Posted November 30, 2021 Administrators Posted November 30, 2021 I stand corrected, the option to pause program updates will be configurable per update profiles and there will be a general setting for enabling / disabling program updates as well. There won't be any limit for how long you can keep program updates disabled, however, only newer versions receive full support. As for older versions, before they reach EOL they receive only basic support which means we basically guarantee only module updates and critical fixes for them. When you are ready to upgrade to the latest version, you'll simply enable the above setting via a policy. It will also still be possible to send a software install task to clients, however, this type of upgrade requires a computer restart so it's not convenient in networks where many people work.
Cousin Vinny 6 Posted November 30, 2021 Author Posted November 30, 2021 Ok great that's a relief. The support limitations are understandable but there may be unforeseen instances where you need to prevent a device from updating for whatever reason and as long as that is still possible without risk of an automated deployment being forced upon you this change isn't a big deal.
ESET Staff MichalJ 434 Posted December 1, 2021 ESET Staff Posted December 1, 2021 Hello @Cousin Vinny One important thing to mention is, that the "automatic update" channel is using MicroPCU mechanism, meaning it´s not a complete "install over" (like in case of software installation task triggered from ESET PROTECT), but instead the "program component update", which is changing the product internals, and only launches the new version after restart (which can happen at your convenience). This change (auto updates being enabled (of course with the possibility to opt out)) comes as a reaction to ever changing / increasing pace of operating system releases, when Microsoft (but the same applies to Apple, and other OS vendors) rolls updates quickly and automatically, and for such critical system as Endpoint Security product, we need to keep up to prevent cross-compatibility issues (and of course, ensure the highest level of protection). Also, per our conducted customer research, this is becoming a new standard (the same way, like in case of iOS, or apps on your mobile phone, which silently update overnight). Of course, we are aware of the potential risks, and Marcos explained that auto-updates will always be rolled out after a relevant time passes since the production release, to react to any possible issues. And of course, there are customers that would rather wait, and validate, and update manually, so the option will be kept for them (and you) as well. Thank you for your feedback, it´s appreciated. Michal
Recommended Posts