Start a Conversation

Unsolved

H

3 Posts

724

May 9th, 2022 05:00

Is there a way to disable SCG auto updates?

Customer has a Cyber Recovery Vault we notice that SCG auto updates. goes off to dell and pulls in the latest install.

Is there a way of stopping that auto update

Cant have auto updates being pulled into secure Vault.

 

Thanks

Paul.

Moderator

 • 

9.5K Posts

May 9th, 2022 11:00

Hoppo,

 

 

Would you confirm if you are referring to the update banner that is displayed, or if it is mentioning Policy Configuration? 

I ask as I haven't seen a function of SCG that would automatically download an update on its own. 

If you have any screenshots of what you're seeing, it would help as well. 

 

Let me know.

 

 

 

3 Posts

May 10th, 2022 07:00

Hi Chris.

The question came to me from a colleague, so I have asked them to confirm what you are asking.

 

Thanks

3 Posts

May 12th, 2022 00:00

Hello again this was the feedback I got below:

It wasn’t the banner as we have just installed a fresh latest version so haven’t seen that yet. But we were concerned that when there is an update for SCG, it just goes ahead and downloads it. Perhaps not installs, but grabs the data from base and pulls it to the local server ready for deploy.

 

So I’m looking for clarity on how the updates happen. Do they,

Flag an alert with the banner and say there is an update to download, but this is all, and it requires manual intervention to go and get the new update.

Flag an alert and download the latest update but wait for manual intervention to install

Flags an alert, downloads and updates automatically.

Also we had a query that if we didn’t install policy manager and only had SCG, does this then automatically allow Dell support to connect remotely, or is the default, no access.

We have installed policy manager so the above is more for better understanding on our part. To follow on from this, If we have SCG and 5 devices connected and reporting, but only 4 of these have policies assigned, the 5th one will accept incoming connections or the default is no access?

Moderator

 • 

9.5K Posts

May 16th, 2022 04:00

Hoppo,

 

All i see is it downloads the catalog, in order to know what new versions might exist. Can you confirm if that is what they're seeing?

 

1 Message

May 18th, 2022 06:00

Hi Chris,

Thanks Hoppo for forwarding my queries. As I've found the forum now I can save you the overhead.

Software Updates

We haven't "seen" any auto downloads as yet as we have just installed the latest version at the customer so nothing has appeared yet. But we can't determine from the documentation how it behaved when there was an update.

We are technically in a Dark Site for this customer and we are happy for SCG to go OUT and send data. We are not happy for data to come in without having been through a particular route and process. That means if there is an update, we will not be clicking on the banner and updating directly from the console. We would manually download the next version/patch/update and then run it through the mill to get to our SCG server. And then apply it ourselves.

Our concern was that it is possible to update from the console and this is not an ideal situation.
So we wanted to check, now based on your previous reply how the download behaves.

The catalog is regularly checked for update and if there is one, we get a banner saying it is there to download. In a normal environment you would accept this and the update (along with some steps) is performed.
In our environment we would see the banner, not click to download and follow our manual process.

However, this still allows someone to accidentally or intentionally download the update directly to the server. Is there a way of blocking this? We can't close a FW rule for this as it shares with the same ports to send the logs up.


Connectivity in
If we add a device to the SCG server and do not add it to policy manager, is the default behaviour to allow access to this device from the support team? So if we need to restrict it, we need to add the device and then quickly set a policy for it to close that communication.

Thanks for your support on this, we've read a lot of the docs and looked at the SABA material but some of the information we require might be out of the normal standard list of queries.

Rich

Moderator

 • 

9.5K Posts

May 18th, 2022 07:00

TrickyDickie,

 

There isn't currently a way to disable the banner, but if you like I could submit a request for the feature to be added, yet I couldn't guarantee that it would be implemented. If you would like me to though, you can private message me a svc tag and I can submit it for you.

 

As far as steps to subvert the banner, it would cause loads of emails to be sent out reporting the failure.

 

 

 

No Events found!

Top