Patch Sideloads

If a patch file is not available as an automatic download from a vendor, it will require sideloading. Sideloading is when a patch file needs to be manually sourced from the vendor. This may happen in situations such as, if a vendor only makes the latest patch available and you want an older patch, or the patch download link may be behind a paywall and require a login to the vendor website, so manual selection or intervention is required.

Sideloaded patch files are stored in so-called blob-storage. To access this storage, you may need to add a URL to the allow list of your firewall. For the exact URL, see the applicable landscape-specific section of Required URLs, IP addresses and ports.

You manage sideloads in the Ivanti Neurons Platform Patch Management > Patch Intelligence, on the Sideloads tab. The tab has two sections: Pending Sideloads and Completed Sideloads.

Patches that require sideloading can be identified on the Advisories dashboard > summary grid > Download Status column.
Possible download statuses are:

  • Automatic: The patch file is automatically available from the vendor.
  • Sideload required: The patch file is not automatically available from the vendor and requires the patch to be manually sourced and uploaded to Ivanti Neurons.
  • Sideload in progress: The patch file has been selected and is currently being uploaded to Ivanti Neurons.
  • Sideloaded: The patch file has been uploaded to Ivanti Neurons and the content is available for deployment.

Pending Sideloads

This section lists all of the selected patch files that require a manual download from the vendor.

You must download the patch file from the vendor website and save it to a local folder. Be sure to download the correct language version of the file. The file must be of a supported file type: .cab, .exe, .iso, .msi, .msp, .msu, .zip.

Do not navigate away from Patch Intelligence while any file is uploading, otherwise any uploads in progress will be canceled.

All files selected for sideloading are listed, with the following information:

Name: The patch file name.

External Vendor: The name of the patch vendor.

Culture: The language the file is available in.

File Status: The status of the patch file. Possible status are:

  • No file selected: You need to click Select File to choose the patch file to upload.
  • Uploading: The file is currently being uploaded to Ivanti Neurons.
    Do not navigate away from Patch Intelligence whilst this is in progress, otherwise the upload will stop.
  • Verifying: The file undergoes the four verification scans to check for risks:
    • File Header Match: An attempt is made to match the file header for the file extension.
    • Sha-256 Hash Confirmation: Calculates the SHA-256 hash of the patch file. Please check that it matches the expected value with the vendor.
    • Digital Signature Validation: An attempt to verify the digital signature of the patch file. If the patch file is not signed, you will be prompted to manually confirm the file details. For your convenience, a SHA-256 file hash of the file is displayed in the expandable file details panel.
    • Threat Scan: The file is scanned by an anti-virus scanner for threats.
  • Verified: The file has successfully passed all scans and been verified.
    Once verified you can expand the file to expose a review panel, showing details such as size, hash key, verified scan results and thumbprint.
  • No file extension: The selected file has no file extension.
  • Threat scan failed: The threat scan has failed and the file is classed as high risk.
  • File type not supported: The selected file is not in a supported format. The file must be one of the following types: .cab, .exe, .iso, .msi, .msp, .msu, .zip.
  • Multiple scan failures: The patch file has failed at least one of the four verification scans.
  • Vendor certificate mismatch: The digital signature of the uploaded file did not meet the expected vendor for the patch.

Actions:

  • Select File: Opens File Explorer. Locate and select the required file to download.
  • Approve: Once the patch file has been downloaded and verified, click Approve . This moves the file down to the Completed Sideloads section, making it available for deployment in the usual manner.
  • delete icon: Select the bin icon next to the file to delete the file from the pending list.

Completed Sideloads

This section lists all manually downloaded patch files that have been verified and approved. The following details for each file are provided:

Name: The vendor name for the patch file.

Culture: The patch file language.

Approved By: The name of the user that approved the file.

Approved Date: The date the file was approved.

File Name: The name of the uploaded file.

Size: The file size.

Status: The status of the file:

  • Verified
  • No valid signatures
  • Vendor certificate mismatch
  • Multiple scan failures
  • Unknown error
  • Threat scan failed

Actions:

  • Replace: Select the check box to the left of the patch name and click Replace to move the patch back up to the Pending Sideloads section. You can then select a different file to download for the patch, for example if there is a later file that's been made available.

  • Delete: Select the check box to the left of the patch name and click Delete to delete the patch. If you want to sideload this patch you will need to re-select it on the Patches tab of the Patch Details pane to re-add it to Pending Sideloads.

  1. On the Ivanti Neurons Platform navigate to Patch Management > Patch Intelligence. If the patch has been identified as missing, it will be visible on the Advisories dashboard.
  2. Filter the Download Status column to Sideload Required, this will display only the patches that require manually sourcing.
  3. From the filtered list of patches, click on the Name of the required patch, for example: 'Java 8 Update 333'.
    The Patch details page appears.
  4. All files for the selected patch are listed, select the check box next to the file you want to sideload. Multiple files can be selected.
  5. Click Sideload.
    The Manage Sideloads tab on the Patch Intelligence dashboard appears.
  6. The chosen patch file is now listed in the Manage Sideloads > Pending Sideloads section.
  7. The patch file must first be downloaded from the vendor website, before you can upload it to Ivanti Neurons. Follow the download instructions on the vendor website and be sure to select the correct language version. Save the file to a local folder.
  8. When the patch file has been downloaded and saved to a local folder, click Select File.
  9. If the selected file is a multi-lingual file, the Choose a Culture dialog displays. Select the required language from the drop-down list, click Confirm.
    File Explorer opens.
  10. Navigate to where the file is saved, select the file, and click Open. The Pending Sideloads File Status changes to Uploading.
  11. The status will continue to update as the file goes through the verifying scans. Once all scans complete the status changes to Verified.
    If there are any problems with the download, the updated status will reflect that, for example; Threat scan failed.
  12. Once the file has a status of Verified, the Approve action is available.
  13. Click Approve to move the patch file down to the Completed Sideloads section.
    Files in the Completed Sideloads section will be deployed from Ivanti Neurons tenant storage to the Ivanti Neurons agent for deployment as needed when included in a Patch Configuration.