Security Controls

Creating a New Patch Task

A patch task is used to define how and when the target machines will be scanned for missing patches. It can also be used to optionally deploy any patches identified as missing. If you do not create a patch task, then no patch scanning or patch deployment will be performed by agents that are assigned this policy.

Depending on the operating systems supported in your organization, you may create patch tasks for Windows machines, for Linux machines, or both. You can create multiple patch tasks for one agent policy. Each task can be expanded and collapsed using the icon () that resides on the task title bar. This enables you to view just the task you are working on at any one time.

While there is no theoretical limit to the number of patch tasks you can create for an agent policy, there is a practical limit.  For example, it may become difficult to track and manage a policy if it contains too many patch tasks. Also, it may be problematic if you enable patch deployment on several different patch tasks. This is because that while scanning is relatively transparent to the user, deploying patches is not, as it often involves a reboot of the user's machine. In addition, you run the risk of multiple deployments occurring on one machine at the same time.

You configure agent patch tasks on the Patch tab. You can edit an existing patch task, or you can create a new task by clicking either Add a Windows Patch Task or Add a Linux Patch Task. Be sure to give the task a descriptive name because this is the name that will appear within the Windows client program.

Configuring a Windows Patch Task

Configuring a Linux Patch Task

Saving an Agent Policy

 


Was this article useful?