We've recently had some internal discussions regarding what is considered "out of date" with regards to virus definitions. So for example, your SEPM is current with today's date for definitions, and the definitions propagate out to clients. After several hours, you as the administrator of the SEPM notice you have several clients that show as being online, but their defs don't match what the SEPM says is current. I'm curious what other companies think and how they respond when clients show up on the SEPM with definitions that are not current and how long they wait to investigate. If possible, please state how large your environment is when responding. We're a fairly decent size enterprise with over 20,000 monitored devices if that helps add some scope to what we have.
I need a solution