I have a general question regarding the uprgade process and potential system vulnerabilities. We manage thousands of endpoints and some of the users are very touchy when it comes to restarts. Coordinating restarts with sub-departments can be a very time consuming process and also difficult (both logistically and politcally).
When upgrading clients, the system typically requires a reboot. When an update is pushed it, the clients are put into a pending restart state. Certain people have said that this is incredibly dangerous as the client is vulnerable during this time. Because of this, upgrading clients can be a very frustrating process because while we want everyone running the latest version we cannot always have machines reboot immediately after the upgrade.
I would like to know how long we are able to leave a client in the pending restart state. So my real question is this: After a client is in a pending restart state due to an upgrade, what exactly causes the client to be vunerable? Are certain features disabled entirely? Is the client simply unable to receive definition updates? Or is it something else.
I would appreciate any information on this so that I can make the process as non-intrusive as possible but also maximize security.
Thanks!