Patch Details

In the Ivanti Neurons Patch Intelligence summary grid click a patch ID or Name to open the Patch Details page, here you can view further details such as: associated CVEs, list of devices which do not have the patch installed, and any reported issues with this patch.

If you have Ivanti Neurons Patch for Intune on your tenant, the View in Patch for Intune button is present. Select to view the patch details in Patch for Intune.

Overview section

The patch name is followed by the option to place a downvote, to indicate if you have encountered any issues or problems with the patch. If you have not placed a vote you will see the gray thumbs-down icon white thumb down icon to indicate a down vote has not been placed you are only allowed one vote, if this has been used you will see a blue thumbs-down icon blue thumb down icon indicating a down vote has been placed. Next to the icon is the number of down-votes received.

Key Performance Indicator (KPI) tiles display to provide a patch detail overview:

  • KPI for Windows and Mac: Vendor severity, VRR, Reported issues, and Products affected.
  • KPI for Linux: Vendor severity, VRR, Products affected.

A brief description of what the patch addresses and a link to open the Vendor summary in a new browser tab is also provided.

Device Groups

At the top of the page, the Device Groups field enables the selection or omission of specific device groups to the page view. Once applied, charts and tables are filtered to align with the selection criteria.

Click on Device groups bar, in the panel select Use this selection across all Neurons Patch Management option to apply the same set of device groups across Neurons Patch Management. Once applied, the Device groups bar displays and lists the number of selected groups. You can toggle the filtered device groups off by clicking the icon directly, and changing it to .

The Device groups bar displays when you select device groups from the list to filter the page view. Click on Device groups to clear the device group filter locally.

For information about managing device groups, see Devices.

Tabs section

Lists all patch details, such as: Patch name, number of Unpatched devices, and number of Failed installs, Download status, Reliability, any Reported issues (Windows and macOS patches only), VRR group, CVE count, Vendor severity and CVSS threat scores.

Click a patch to open the Patch information page, which includes information such as: details of any patch that this one supersedes or is superseded by, the CVEs contained within the patch, details of unpatched devices, and any reported issues (Windows and macOS patches only).

  • Sideload: Select the check boxes next to the patches you want to manually upload, and then click Sideload.
    This adds the selected patch files to the Pending Sideloads section of the Manage Sideloads tab on the Patch Intelligence dashboard.
    The Manage Sideloads tab automatically displays when you click Sideload.
    Learn more about Patch Sideloads.
  • Patch Groups: Select to Add or Remove a patch from a Patch Group. Select the check box next to a patch and select Patch Groups > Add to Patch Group or Remove from this Patch Group to add or remove the patch from a Patch Group. To learn more, refer to Patch Groups.
  • Export: Select the patches you want to include in the export, then select Export to create a CSV file and save it to your local downloads folder.

Lists the CVEs associated with the patch, including; the VRR Group, VRR score, CVSS score; v4, v3, v2 as applicable (the CVSS latest version score is shown in the CVSS column, to display a specific CVSS version, select it from the Column Chooser ), and if there are any known exploits, together with the exploit published date and any known malware.

VRR score: A numerical score between 0 and 10, where higher is more severe. For further details see Threat & Risk.

Real-time vulnerability intelligence provides known Exploit or Malware data per CVE. Exploit and Malware context provides a deeper level of vulnerability insight. Vulnerabilities become actionable via a thorough understanding of their full context, including any active exploits.

Exploits:

  • DoS: Denial of Service is an attack against a computer or network which reduces, restricts or prevents accessibility of its system resources to authorized users.
  • PE: Privilege Escalation vulnerabilities allow attackers to impersonate other users, or gain permissions they should not have. These vulnerabilities occur when code makes access decisions on the back of untrusted inputs.
  • RCE: Remote Code Execution attack happens when a threat actor illegally accesses and manipulates a computer or server without authorization from its owner. A system can be taken over using malware.
  • WA: Web Application vulnerabilities involve a system flaw or weakness in a web-based application. They arise because web applications need to interact with multiple users across multiple networks, and that level of accessibility is easily taken advantage of by hackers.

Malware:

  • Ransomware: Malicious software designed to block access to a computer system until a sum of money, or the ransom, is paid.
  • Exploit Kit: A toolkit used by cybercriminals to attack vulnerabilities in systems so they can distribute malware or perform malicious activities. They tend to be deployed covertly on legitimate websites that have been hacked, the site operators and visitors are often unaware of this exploit.

This tab is available only when data has been received from the Ivanti Neurons Agent patch scan or a connector.

The grid lists all the devices that do not have this patch installed. The device name, domain name, IP address, OS name and OS version are shown. The Management column provides the name of the agent managing the device, which will either be a supported Connector, or Ivanti Neurons.

The list of devices under charts and device summary is determined by the scopes assigned to members by administrators. For more information on scope assignment, see Access Control: Scopes.

The patch install status is taken from the most recent scan from the Neurons patch engine if one is available. A scan from an Ivanti Endpoint Manager connector will be used if it is newer than the Neurons scan. Scans from other connectors are used only if the previous Neurons scan was more than 7 days ago. Having multiple connectors reporting on a device can provide conflicting information due to differing schedules, deployment results, and assessment results. Therefore, we recommend managing endpoint devices with a single connector.

Click on a Device name to open the Neurons Platform > Devices > Device > Patches page.

The Reported Issues tab only displays for Windows and macOS patches.

Reported issues can help you understand why a particular patch may or may not have rolled out smoothly and any additional steps that may be required. The reported issues are categorized as follows:

Official reported issues: Any vendor reported issues, such as Microsoft Known Issues, which relate to the patch are automatically listed here.

Customer reported issues: Any issues can be submitted about a patch, which Ivanti will review and anonymize.

Ivanti reported issues: Any issues reported by Ivanti.

Add New Issue: Select to add an issue to a patch. The section expands for you to complete the following:

  • Patches affected: Select all of the patches the issue relates to.
  • Issue description: Describe what the issue is in 500 characters or less. Include symptoms and remediation steps.
  • Number of endpoints affected: Select the number band of endpoints you have experienced this issue on in your environment.
  • I had to roll this patch back: Check this box if the issue caused you to roll back.
  • Add Issue: Select to submit the issue to the Ivanti moderators. If approved, the issue will be displayed in the Reported Issues, this can take up to 48 hours.
Related topics

Patch Summary

Patch Groups

Patch Management