Update malware protection mechanisms when new releases are available
Antivirus and endpoint protection software is only effective against threats its detection definitions know about. Malware authors release new variants continuously, and protection software must receive regular updates to detect them. Outdated definitions leave systems vulnerable to threats that have been known for days or weeks. Most modern endpoint protection tools support automatic updates, and there is rarely a good reason to disable them.
Implementation steps
1. Enable automatic definition and engine updates
   Configure endpoint protection on all systems to automatically download and apply definition updates as they are released by the vendor. Most enterprise platforms update multiple times daily. Confirm that automatic updates are enabled in the management console and that endpoints are successfully receiving updates.
   Tools: crowdstrike, sentinelone, microsoft-defender, carbon-black

2. Monitor update status across all endpoints
   Use the centralized management console to monitor which endpoints have current definitions and which are behind. Set alerts for endpoints that have not received an update within 24 to 48 hours so you can investigate and remediate quickly. Endpoints that are offline for extended periods (traveling laptops, infrequently used systems) need particular attention.
   Tools: crowdstrike, sentinelone, microsoft-defender, intune

3. Document the update policy and monitor exceptions
   Document your policy for how frequently definitions must be updated and the maximum acceptable staleness. Track any systems with exceptions (e.g., air-gapped systems that cannot auto-update) and establish a manual update process for them.
   Tools: confluence, excel
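The staleness alerting described in step 2 can be run against any console export that lists, per endpoint, when it last checked in and what definition date it carries. The script below is an added example, not tooling from any vendor named above; the CSV columns and the sample rows are constructed for illustration, and the 48-hour staleness threshold and 7-day offline threshold are policy values you would take from your own documented standard (step 3). It separates endpoints that are online but behind (an update-delivery problem to investigate now) from endpoints that have simply not checked in (the traveling-laptop case, which needs a different follow-up).

```python
import csv
import io
from datetime import datetime, timedelta, timezone

# Constructed sample export (not real vendor output). Columns are assumed:
# hostname, last_seen (UTC), definition_date (UTC), definition_version.
SAMPLE_REPORT = """hostname,last_seen,definition_date,definition_version
WS-001,2024-05-10T08:00:00Z,2024-05-10T06:30:00Z,1.409.12.0
WS-002,2024-05-10T07:45:00Z,2024-05-07T02:00:00Z,1.407.5.0
LT-017,2024-04-28T17:10:00Z,2024-04-28T15:00:00Z,1.401.22.0
SRV-DB1,2024-05-10T08:05:00Z,2024-05-09T22:00:00Z,1.409.4.0
"""

# Time the report is evaluated (constructed, fixed so the example is reproducible).
REPORT_TIME = datetime(2024, 5, 10, 8, 30, tzinfo=timezone.utc)


def parse_utc(stamp):
    """Parse an ISO-8601 timestamp with a trailing Z into an aware datetime."""
    return datetime.fromisoformat(stamp.replace("Z", "+00:00"))


def classify_endpoints(report_text, now,
                       max_staleness=timedelta(hours=48),
                       offline_after=timedelta(days=7)):
    """Bucket each endpoint by definition freshness.

    current      - definitions newer than max_staleness
    stale_online - checked in recently but definitions older than max_staleness
    offline      - has not checked in for longer than offline_after
    Each entry is (hostname, definition_age_hours) so alerts can carry the number.
    """
    buckets = {"current": [], "stale_online": [], "offline": []}
    for row in csv.DictReader(io.StringIO(report_text)):
        definition_age = now - parse_utc(row["definition_date"])
        checkin_age = now - parse_utc(row["last_seen"])
        entry = (row["hostname"], round(definition_age.total_seconds() / 3600, 1))
        if checkin_age > offline_after:
            # Not reachable: the console cannot push definitions; chase the owner.
            buckets["offline"].append(entry)
        elif definition_age > max_staleness:
            # Reachable but behind: updates are failing; investigate the endpoint.
            buckets["stale_online"].append(entry)
        else:
            buckets["current"].append(entry)
    return buckets


def alert_lines(buckets):
    """Render the two actionable buckets as alert text for a ticket or chat hook."""
    lines = []
    for host, hours in buckets["stale_online"]:
        lines.append(f"ALERT stale definitions on {host}: {hours}h old while online")
    for host, hours in buckets["offline"]:
        lines.append(f"NOTICE {host} has not checked in; definitions {hours}h old")
    return lines


if __name__ == "__main__":
    result = classify_endpoints(SAMPLE_REPORT, REPORT_TIME)
    for line in alert_lines(result):
        print(line)
    print(f"{len(result['current'])} endpoint(s) current")
```

Run it on a scheduled job against the daily export and feed `alert_lines` into whatever ticketing or alerting channel you already use; the report itself doubles as the "definition update status report" evidence listed below.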
Evidence required
Automatic update configuration
Evidence that endpoint protection is configured for automatic definition updates.
- Management console screenshot showing automatic update settings
- Endpoint protection policy configuration
Definition update status report
A recent report showing current definition version status across all endpoints.
- EDR/AV management console update status dashboard
- Endpoint health report showing definition dates
Related controls
- Provide protection from malicious code at appropriate locations (Malware Protection)
- Perform periodic system scans and real-time scans of files from external sources (System Scanning)
- Identify, report, and correct information system flaws in a timely manner (Flaw Remediation)