the default messages about old definitions is bullshit when device was offline for a long time. SEP should include or check the offline time or the message should appear later so the device has enough time to get any update.
Example: device was offline for 7 days because of vacation, policy says bring a message if definitions are older than 5 days, device is booting, user logs in and the old definitions message appears, for sure its old but how should be updated in seconds?
may include the check to extend the time or check the definition version after one hour after booting
at that time the implementation is senseless