Patch Details

Lists all patch details, such as: Patch name, number of Unpatched devices, and number of Failed installs, Download status, Reliability, any Reported issues (Windows and macOS patches only), VRR group, CVE count, Vendor severity and CVSS threat scores.

Click a patch to open the Patch information page, which includes information such as: details of any patch that this one supersedes or is superseded by, the CVEs contained within the patch, details of unpatched devices, and any reported issues (Windows and macOS patches only).

• Sideload: Select the check boxes next to the patches you want to manually upload, and then click Sideload.
  This adds the selected patch files to the Pending Sideloads section of the Manage Sideloads tab on the Patch Intelligence dashboard.
  The Manage Sideloads tab automatically displays when you click Sideload.
  Learn more about Patch Sideloads.

• Patch Groups: Select to Add or Remove a patch from a Patch Group. Select the check box next to a patch and select Patch Groups > Add to Patch Group or Remove from this Patch Group to add or remove the patch from a Patch Group. To learn more, refer to Patch Groups.
• Export: Select the patches you want to include in the export, then select Export to create a CSV file and save it to your local downloads folder.

Lists the CVEs associated with the patch, including; the VRR Group, VRR score, CVSS score; v4, v3, v2 as applicable (the CVSS latest version score is shown in the CVSS column, to display a specific CVSS version, select it from the Column Chooser ), and if there are any known exploits, together with the exploit published date and any known malware.

VRR score: A numerical score between 0 and 10, where higher is more severe. For further details see Threat & Risk.

Real-time vulnerability intelligence provides known Exploit or Malware data per CVE. Exploit and Malware context provides a deeper level of vulnerability insight. Vulnerabilities become actionable via a thorough understanding of their full context, including any active exploits.

Exploits:

• DoS: Denial of Service is an attack against a computer or network which reduces, restricts or prevents accessibility of its system resources to authorized users.
• PE: Privilege Escalation vulnerabilities allow attackers to impersonate other users, or gain permissions they should not have. These vulnerabilities occur when code makes access decisions on the back of untrusted inputs.
• RCE: Remote Code Execution attack happens when a threat actor illegally accesses and manipulates a computer or server without authorization from its owner. A system can be taken over using malware.
• WA: Web Application vulnerabilities involve a system flaw or weakness in a web-based application. They arise because web applications need to interact with multiple users across multiple networks, and that level of accessibility is easily taken advantage of by hackers.

Malware:

• Ransomware: Malicious software designed to block access to a computer system until a sum of money, or the ransom, is paid.
• Exploit Kit: A toolkit used by cybercriminals to attack vulnerabilities in systems so they can distribute malware or perform malicious activities. They tend to be deployed covertly on legitimate websites that have been hacked, the site operators and visitors are often unaware of this exploit.

This tab is available only when data has been received from the Ivanti Neurons Agent patch scan or a connector.

The grid lists all the devices that do not have this patch installed. The device name, domain name, IP address, OS name and OS version are shown. The Management column provides the name of the agent managing the device, which will either be a supported Connector, or Ivanti Neurons.

The patch install status is taken from the most recent scan from the Neurons patch engine if one is available. A scan from an Ivanti Endpoint Manager connector will be used if it is newer than the Neurons scan. Scans from other connectors are used only if the previous Neurons scan was more than 7 days ago. Having multiple connectors reporting on a device can provide conflicting information due to differing schedules, deployment results, and assessment results. Therefore, we recommend managing endpoint devices with a single connector.

Click on a Device name to open the Neurons Platform > Devices > Device > Patches page.

The Reported Issues tab only displays for Windows and macOS patches.

Reported issues can help you understand why a particular patch may or may not have rolled out smoothly and any additional steps that may be required. The reported issues are categorized as follows:

Official reported issues: Any vendor reported issues, such as Microsoft Known Issues, which relate to the patch are automatically listed here.

Customer reported issues: Any issues can be submitted about a patch, which Ivanti will review and anonymize.

Ivanti reported issues: Any issues reported by Ivanti.

Add New Issue: Select to add an issue to a patch. The section expands for you to complete the following:

• Patches affected: Select all of the patches the issue relates to.
• Issue description: Describe what the issue is in 500 characters or less. Include symptoms and remediation steps.
• Number of endpoints affected: Select the number band of endpoints you have experienced this issue on in your environment.
• I had to roll this patch back: Check this box if the issue caused you to roll back.
• Add Issue: Select to submit the issue to the Ivanti moderators. If approved, the issue will be displayed in the Reported Issues, this can take up to 48 hours.