stew_case

Thanks Ron, That is basically how we have been managing the PUP's that we have been seeing. I have a default policy with the default settings to detect only on PUP's and detect and remove PUM's, and a second policy set for removal of both PUP's and PUM's. I have been switching machines back and forth between the two policies as needed. That said, I like your suggestion of creating a project to assess and focus on those that get threats. Instead of immediately cleaning, we could set the policy to prevent any modification and continue to monitor and clean as we have the resources to research and determine best course of action. Thanks for expertise. Stew

Hello, In an enterprise situation with over 5,000 clients we feel very uneasy changing the default behavior for PUP to "show in results list and check for removal". Especially since we have on a few occasions had files detected and blocked that were valid files being installed by one of our Vendors. That said, if we leave it as default, in no time at all we will have literally hundreds of machines showing the red stripe indicating a threat has been found. Most are viable threats, however they are just files that are present and not making any modifications unless activated. The only way to clean the console up is to change the policy and check them for removal, or add them to the ignore list. With this many machines you can imagine this would be daunting manual task on a daily basis. We have to look at each and every threat and evaluate it and decide weather to remove or ignore it. Would it be a viable strategy (Since these are only a threat when activated) to change the option for PUP to "do not show in results list"? AND leave the default option for PUM as "show in results list and check for removal"? Will it then stop showing all of the PUP's as a detected threat while at the same time protect us from unwanted modifications? Thanks in advance for your suggestions.

I am part of a support team for a company of approximately 6,000 seats. I have just a few suggestions for console features for future builds. It would be nice if you could enable us to choose a specific time of day we wish to pull any new available updates, rather that just 4 hours, daily, etc. for instance daily at 9:00 PM Along the same line, when checking for an update manually, how about being able to see how long that update has been in production before having to click yes or no to pulling it in. Or better yet, a setting that says ONLY pull in and update that has been in live production for 30, 60 or 90 minutes? While it is easier to deploy in mass using a 3rd party tool, the deploy from the console can be very handy. However it is very clunky having to do it by IP address, especially in a very mobile ever changing environment. How about the ability to push using Computer name or NetBIOS Name If we wish to have more than one policy and separate the users based on policy, it would be nice to be able to apply policies to the group folders and make it so any machine placed in that group would automatically get that policy applied to it. We have an ignore list which is great. How about a hit list for exe files we wish to block This seems thus far to be a great product. With some added features it has the potential to be a Top Notch Must have addition to any Corporate Enterprise.