Patch Management
Fully integrated in GravityZone, Patch Management keeps operating systems and software applications up to date and provides a comprehensive view on the patch status for your managed Windows and Linux endpoints.
The product is available as an add-on, which, when added to your company is listed next to your main license:
The product gives your company access to the following capabilities:
Monitor and manage patch deployment across all your endpoints using automatic and on-demand patching.
Easily track and control the status of installed, missing, and failed patches.
Make use of a detailed Patch Inventory, which offers comprehensive patch-related data (CVE, BulletinID).
Rapidly deploy absent patches and patch blacklisting, enabling the temporary prevention of patch installation that could disrupt workflows.
Get full visibility and control over the status of installed, missing, and failed patches across all endpoints by making use of Reporting and Notifications.
Enhance your company's Risk Management with detailed patch data from across your network.
These capabilities are deployed on your endpoints through the use of a module and the application of policy.
The Patch Management module of GravityZone supports a vast set of software products. In Control Center you can view only the products installed in your network for which GravityZone provides patches. The module includes several features, such as on-demand and scheduled patch scanning, automatic and manual patching or missing patch reporting.
Start the trial
To start the trial, follow the steps below:
Log in to GravityZone with your administrator account.
Click the button on the upper right side of the console to access the In Product Trials page.
Select Learn more under the Patch Management section.
Select Start free trial.
The add-on will be added to your company's list of licenses as a separate product. You will be redirected the home page where you will see the new sections in GravityZone available to you.
Note
To remove the Patch Management license key, you can use the Stop Trial button. Learn more
Configure and install the new feature
Important
We recommend trying out the new feature on a limited set of endpoints. This is most easily done by creating a new policy and applying it to the endpoints selected for testing.
To start using these new features, follow the steps below:
Go the Configuration Profiles page.
Go to the Maintenance windows tab and select Add window.
Note
You can use maintenance windows to configure automatic patch deployment for your company. To do this, you need to configure how patches are downloaded to endpoints and which patches you want installed, and when.
Follow the process described here to create a new Maintenance Window.
Note
We recommend using the Smart scan for patches when new applications are installed - when a new application is installed on the endpoint, the security agent automatically installs all discovered OS and application updates, regardless of any planned scan and installation tasks.
Go to the Policies page.
You can either:
Apply Patch Management settings into your network, by assigning the maintenance window to a policy.
Save your policy.
If you created a new policy, apply it to the endpoints you want to test it on.
If you edited an existing policy, the changes will take place on all endpoints it was applied to.
This will allow you to enable the newly available feature on all selected endpoints.
Go to the Network page and select the endpoints you wish to deploy the module on.
Click the Tasks button and select Reconfigure client.
Under Modules select Add and enable Patch Management.
Note
For more information on using the Reconfigure client task refer to Reconfigure agent.
Click Save.
The task will now deploy the Patch Management module on all selected endpoints.
Test out the new feature
Create a Scan Task from the Network page.
Go to the Patch Inventory page and view the patch details.
Here you can also search for patches and filter out results, ignore specific patches and generate patch statistics.
Go to the Reports page.
Click the Add button in the upper left side of the page.
Select Network Patch Status.
Under the Select target section, select the endpoints you want to run the report on.
Click Save.
Note
For more information refer to Creating reports.
A report will be automatically generated and displayed containing information on all selected endpoints including:
Target machine (endpoint name, IP and operating system).
Security patches (installed patches, failed patches, missing security and non-security patches).
Status and last modified time for checked-out endpoints.
The name of the company containing the target machine.
Stop the trial
To stop the trial, follow the steps below:
Log in to GravityZone with your administrator account.
Click the button on the upper right side of the console to access the In Product Trials page.
Select Learn more under the Patch Management section.
Select Stop trial.
The product will be removed from your company and all additional features will be disabled.
Note
The data from Patch Management is not immediately removed after the trial ends. If you later decide to purchase a license the data and settings created during the trial will once again be made available.