Safe Deployment Practices

Document Version: 1
Date: 28th March 2025

Emsisoft Ltd. is committed to delivering world-class cybersecurity solutions that are fully integrated with our customers’ business platforms. We understand the critical role our products play in maintaining operational stability, and we take great care in ensuring that every update and feature enhancement is thoroughly tested and integrated in a way that minimizes disruption and maximizes protection.

Extensive Testing Workflow

Below is the process followed during active development, regression testing, and release preparation. The process involves feature development, bug fixing, code freeze announcement, and systematic regression testing to ensure software quality before release.

Active Development

  • Work Item Branches:
    During the active development phase, features and bugs are tested on separate work item branches. These branches are created to isolate the development of individual features or bug fixes from the main development line.
  • Feature/Bug Testing:
    Each feature or bug fix is tested in isolation within its respective work item branch to ensure functionality before integration into the main development branch.

Code Freeze and Branch Preparation

  • Code Freeze Announcement:
    Once all planned features are completed and bugs are resolved, a code freeze is announced. This marks the point where no new features or major changes are to be introduced into the development process.
  • Dev Branch Preparation:
    A dev branch is prepared, which will serve as the foundation for regression testing. The work item branches are merged into this branch, and all final changes are consolidated in preparation for the testing phase.

Regression Testing

  • General Regression Test Cases:
    A general set of regression test cases is defined, covering the most critical features of the application. These tests ensure that the system functions as expected after recent changes.
  • Change Log Analysis:
    The change log is reviewed to identify any modifications, new features, or bug fixes that may require additional validation. This analysis allows for the extension of the general regression test case list to cover any newly introduced functionality or changes.
  • Extended Test Cases:
    Based on the analysis of the change log, new or adjusted test cases are added to the regression suite to ensure that all affected areas are thoroughly tested.

Release Preparation

  • Regression Testing Execution:
    Once the test cases are defined and extended, a comprehensive regression test run is conducted. The goal is to verify the stability of the application and confirm that no existing functionality has been broken by recent changes.
  • Release:
    Following successful regression testing, the software is marked for release. The final release version is prepared for deployment.
  • Installer Testing:
    The testing of installers is conducted to ensure that the installation process is smooth and error-free. This phase verifies that the software can be correctly installed and uninstalled on target environments.

Performance Testing

Load and performance testing are performed before every release to ensure stability and performance.

Bare Metal and Virtual Machine Testing

  • Both bare metal and virtual machine environments are used for testing.
  • At a minimum, smoke testing is performed on bare metal systems to ensure basic functionality.

This structured workflow ensures that all planned features are properly tested, bugs are fixed, and the software is stable before release. Regression testing, combined with change log analysis, guarantees that all areas of the system are verified, especially those affected by recent development efforts. The release process includes testing the final product and installer to ensure a seamless deployment experience for end-users.

Product Version Management and Recovery Procedures

Emsisoft maintains robust version control and update management processes to ensure product stability and customer flexibility. With options for rolling back to previous versions, the ability to switch to a delayed update feed, and well-defined recovery procedures, Emsisoft strives to provide a seamless and reliable experience. Monitoring functions help track system performance, while release notes provide transparency on each update’s changes.

Version Storage and Access

  • Storing Previous Versions:
    Emsisoft stores the last three releases of its product. These versions are retained to ensure that customers can revert to earlier versions if necessary.
  • Customer Access to Previous Versions:
    Customers can switch to previous versions of the product when instructed by Emsisoft support. This ensures that customers can maintain stability while addressing potential issues with the most recent release.

Delayed Update Feed

  • Delayed Update Feed Overview:
    Emsisoft offers a “delayed” update feed, which is updated less frequently than the standard update feed. The versions in this feed are those that have been used by all regular customers for at least one month.
  • Customer Access:
    All users are free to switch to the delayed feed at any time. This allows users who prefer to wait for more extensive testing to adopt the update once it has been proven stable in the general user base.

Rollback Capabilities

  • Rollback Procedure:
    Emsisoft can immediately roll back the product to a previous version for all customers if required. This rollback can be done at any time, provided the updater functionality on the affected endpoints remains intact. Additionally, if the connection to EMC still works, the user can initiate a system restore.
  • Limitations:
    In cases where an endpoint is unable to boot or the updater functionality is damaged, automatic restoration is not possible. In such cases, recovery procedures are available via various support channels.

Support for Recovery Scenarios

Emsisoft provides detailed recovery instructions via support staff for cases where critical components such as the disk filter or ELAM driver fail, or when the endpoint cannot boot after an update. These instructions ensure that support teams can assist customers in restoring system functionality.

Monitoring and Reporting

Emsisoft has implemented comprehensive monitoring functions that provide insights into the following:

  • The number of currently connected devices
  • The product versions being used across all endpoints
  • Other key parameters that help track the performance and stability of the product in real time

Release Communication

For each product release, Emsisoft publishes a blog post and sends out emails to the customers, where all significant changes are listed. These blog posts serve to inform customers about new features, fixes, improvements, and any known issues with the release.

Kernel Code and Driver Design Philosophy

We prioritize maintaining lightweight and simple drivers to minimize the impact of potential bugs in kernel code. This approach involves a careful evaluation of the functionality that needs to be implemented in the driver versus functionality that can be handled by a user-mode service.

Design Principles

    1. Minimizing Kernel Code Complexity:
      • We carefully assess the necessity of each feature being integrated into the driver. Complex functionality is avoided in the kernel whenever possible.
    2. User Mode Services:
      • If a task can be executed effectively in user mode without compromising security or performance, it is offloaded to our user-mode service.
      • The user-mode service is designed with adequate protections to safeguard against potential attacks.