
Patch tasks

It is recommended to regularly check for software updates and apply them as soon as possible. GravityZone automates this process through security policies, but if you need to update the software on certain endpoints right away, run the following tasks in this order:

Prerequisites

Patch Scan

Endpoints with outdated software are vulnerable to attacks. It is recommended to regularly check the software installed on your endpoints and update it as soon as possible. To scan your endpoints for missing patches:

  1. Go to the Network page.

  2. Select the container that you want from the left-side pane. All endpoints from the selected container are displayed in the right-side pane table.

  3. Select the target endpoints.

  4. Click the Tasks button at the upper side of the table and choose Patch Scan. A confirmation window will appear.

  5. Click Yes to confirm the scan task.

    When the task finishes, GravityZone adds all patches your software needs to Patch Inventory. For more details, refer to Patch Inventory.

You can view and manage the task on the Network > Tasks page. For more information, refer to Viewing and managing tasks.

Note

To schedule patch scanning, edit the policies assigned to the target endpoints, and configure the settings in the Patch management section. For more information, refer to Patch Management.

Patch Install

To install one or more patches on the target endpoints:

  1. Go to the Network page.

  2. Select the container that you want from the left-side pane. All endpoints from the selected container are displayed in the right-side pane table.

  3. Click the Tasks button at the upper side of the table and choose Patch Install.

    A configuration window will appear. Here, you can view all patches missing from the target endpoints.

  4. If needed, use the sorting and filtering options at the upper side of the table to find specific patches.

  5. Click the Columns button at the upper-right side of the pane to view only relevant information.

  6. Select the patches you want to install.

    Certain patches depend on others. In such cases, the patches they depend on are automatically selected together with the patch.

    Clicking the number of CVEs or Products displays a pane on the left side. The pane contains additional information, such as the CVEs that the patch resolves, or the products to which the patch applies. When done reading, click Close to hide the pane.

  7. To restart the endpoints immediately after the patch installation when a system restart is required, select Reboot endpoints after installing the patch, if required. Take into account that this action may disrupt user activity.

  8. Click Install.

    The installation task is created, together with sub-tasks for each target endpoint.

You can view and manage the task on the Network > Tasks page. For more information, refer to Viewing and managing tasks.

Note

  • To schedule patch deployment, configure the settings in the Configuration Profiles > Maintenance Windows section. For more information, refer to Maintenance Windows.

  • You can also install a patch from the Patch Inventory page, starting from a certain patch that you are interested in. In this case, select the patch from the list, click the Install button at the upper side of the table and configure the patch installation details. For more details, refer to Patch Inventory.

  • After installing a patch, we recommend sending a Patch Scan task to the target endpoints. This action will update the patch information stored in GravityZone for your managed networks.

  • On macOS, GravityZone applies operating system patches only for minor versions, for example from version 13.5 (Ventura) to 13.6 (Ventura), but not from 13.9 (Ventura) to 14.0 (Sonoma). Installing an operating system patch may require restarting the endpoint. The local user can postpone the installation for up to 4 hours in the prompt window.

You can uninstall patches:

  • Remotely, by sending a patch uninstall task from GravityZone.

  • Locally on the endpoint. In this case, you need to log in as an administrator to the endpoint and run the uninstaller manually.