Recommendations

Before updating an existing environment to this new version of SES Evolution:
- Read this section carefully,
- Read the section Explanations on usage carefully,
- Read the section Known issues in the Stormshield Knowledge base carefully (use the same login credentials as those for your MyStormshield client area).
Built-in rule sets provided by Stormshield are automatically updated in the administration console when the solution is updated. However, this is not the case for built-in security policies. When necessary, you must manually update your policies in the console if any of the sets that they contain have a green arrow, as described in step 4 of the procedure below.
The following are the major steps involved in updating policies and the pool to this new version:
1 | Updating SES Evolution via the Installation Center |
2 | Updating security policies to use the latest versions of rule sets |
3 | Creating a test agent group |
4 | Selecting pilot agents for the test group and monitoring their behavior for several days |
5 | Updating all agents to version 2.4.1 |
We recommend that you follow the detailed procedure below for the update:
- If there are unsaved changes in your administration consoles, save them and shut down the consoles.
- Follow the procedure for updating SES Evolution components via the Installation Center, as explained in the Installation guide.
- Once the update via the Installation Center is complete, open the consoles again to finalize the update. A message will warn you that the security policies are not using the latest version of the rule sets. Policies were not automatically updated in order to prevent compatibility issues with agents in versions lower than version 2.4.1.
- Select a console. In the console's Policies menu, a green arrow pointing upwards indicates policies that are not using the latest version of some rule sets. Duplicate a policy containing a green arrow, such as the default policy, for example.
- Select the copy of the policy and click on Edit.
- Rename the policy by adding the version number "2.4.1" for example.
- Select Always use latest version for all rule sets containing a green arrow.
- Save the policy.
- Now, duplicate one of your production agent groups to test the deployment in version 2.4.1 with the new updated policy.
- In the Policies tab, select the policy created earlier.
- Ensure that the software version selected in the Version section of the Software tab is 2.4.1.
- Save the new group.
- You will now select one or several agents in your initial group, which will be used as pilot agents. In the General tab of the initial group, select the pilot agents and click on Move agents to. Select the new test group.
- In the Environment menu, click on Deploy to deploy the changes made to your environment.
- After the pilot agents have reconnected to the agent handler, the workstations must be restarted. After restarting, ensure that the agents have indeed switched to software version 2.4.1 and that they are using the new policy.
Test the behavior of the pilot agents for several days. Once you are sure that they are running properly, you can update all the agents in the pool. There are two ways to do so:
- Select the new policy and software version 2.4.1 in your production agent groups. If you choose this option, remember to delete the test group.
- or -
- Duplicate all your production groups and update them, then delete older groups if necessary.
If agents need to be downgraded to an earlier version after updating to version 2.4.1, the earlier version will no longer be compatible with policies that contain version 2.4.1 features. In that case, we recommend that you move the affected agents back to their original group.

With version 2.4.1, Stormshield provides protection and audit rule sets. These rule sets are shared and are either built into the console or need to be downloaded, and can be used in built-in policies or in your own policies.
You can follow the recommendations below regarding the order of sets and which sets to use in your policies.
Default policy
Order | Rule sets | Included/Optional | |
---|---|---|---|
1 | Audits of attack contexts | Included | |
2 | Monitoring of known dangerous or vulnerable drivers | Included | |
3 | Windows Defender event forwarding | Optional | |
4 | Your own audit rule set | Optional | |
5 | Secured Wi-Fi hotspots | Optional | |
6 | Block-list of known dangerous applications | Included | |
7 | Advanced protections | Included | |
8 | Anti-ransomware protection | Included | |
9 | Your own protection rule set | Optional | |
10 | Protection against malicious usage of LOLBIN | Optional | |
11 | Data leak prevention | Included | |
12 | Protection baseline | Included | |
13 | Common applications hardening | Optional | |
14 | Common network hardening | Optional |
Backoffice component protection
Order | Rule sets | Included/Recommended/Optional | |
---|---|---|---|
1 | Audits of attack contexts | Included | |
2 | Monitoring of known dangerous or vulnerable drivers | Included | |
3 | Windows Defender event forwarding | Optional | |
4 | Your own audit rule set | Optional | |
5 | Block-list of known dangerous applications | Included | |
6 | Backend protection | Recommended (backend only) | |
7 | Agent handler protection | Recommended (agent handlers only) | |
8 | Administration console protection | Recommended (administration consoles only) | |
9 | Advanced protections | Included | |
10 | Anti-ransomware protection | Included | |
11 | Your own protection rule set | Optional | |
12 | Protection against malicious usage of LOLBIN | Optional | |
13 | Data leak prevention | Optional | |
14 | Protection baseline | Included | |
15 | Common applications hardening | Optional | |
16 | Common network hardening | Optional |
Other Stormshield built-in rule sets can be found in shared rule sets. For more information, refer to the sections

Before updating the Microsoft operating system on workstations that host SES Evolution agents, ensure that you have the most recent Stormshield rule sets. If this is not the case, download the latest rule sets