The Downloads tab allows you to specify the location from which the files used by the program will be downloaded and refreshed. The files include the engine components, the news file displayed on the home page, and the deployment information file, as well as download source for the patch and product level files. The program will check an Internet location or the specified distribution server to determine if newer versions of the files are available.
Displays the location of the patch download directory. This directory is used to store all patches that are downloaded in advance of a patch deployment.
To change the location, click the browse button.
IMPORTANT! If the directory resides on a network drive be sure to use the UNC naming convention; DO NOT SPECIFY A MAPPED DRIVE.
If desired, you can specify a remote share directory for the patch download directory. In order for this to work, appropriate permissions need to be set on the remote directory. Both the Security Controls console user and the console machine need to be granted access to the download directory. The console user should have read/write permission to the share and the console machine needs read access. When specifying share permissions for a machine, you must append a ”$” to the end of the machine name.
In some configurations additional users may need to be granted access to the download directory. If you specify machine or machine group credentials for machines that download patches from a distribution server, the specified user accounts will require read access to the download directory share.
Making the download directory share readable by everyone may or may not be an effective strategy. It depends on:
•Whether the credential users and the download directory host belong to the same (or trusted) domain(s)
•The specifics of the local security policy
Definition download source
You can specify where the latest engine components and data files downloaded by this console are located. The available options are:
•Auto-update definitions (before scans): If enabled, will cause the program to automatically check for and download updated data definition files whenever a new scan is performed. Enabling this check box will also enable the Tools > Auto-update definitions menu command.
•Default (http://content.ivanti.com): Indicates you want to use the default location when downloading the files. The files are located at http://content.ivanti.com.
•Custom share or URL: You must specify the path name of the share or the URL of the website that will be used when downloading files. It is the administrator's responsibility to make the files available at this location.
•Specific Distribution Server: You must select the name of the distribution server that will be used when downloading files. You must have previously configured one or more distribution servers in order for the names to be pre-populated in this box. The newest versions of engines and data files can be periodically downloaded and copied to the distribution servers using the server synchronization feature.
There are unique credential requirements when using a distribution server as the download source. For more information see Configuring Distribution Servers.
Patch and product level download source
You can specify where the latest patch and product level files downloaded by this console are located. The available options are:
•Vendor websites: Patches deployed from the console are downloaded directly from the websites of the companies that author the patches. This is the default. The location of the websites are stored in the patch information file.
The other two download options are used if this console does not have an Internet connection or when the patches and product levels are being pre-downloaded to some central location.
•Custom share or URL: If enabled, you must specify the path name of the share or the URL of the website that will be used when downloading files. It is the administrator's responsibility to make the files available at this location.
•Specific Distribution Server: If enabled, you must select the distribution server that will be used when downloading patch files. You must have previously configured one or more distribution servers in order for the names to be pre-populated in this box. For more information see Configuring Distribution Servers.
This option is typically used by unattended console or disconnected console configurations. The patches and product levels are downloaded by a central console, which then pushes the files to the distribution server.
One interesting but necessary side effect of enabling this option is that you will not be able to schedule an automatic synchronization for the distribution server you specify here. Why? Because in this particular case you do not want the console to synchronize with the distribution server. Doing so would cause the contents of the distribution server (the patches and product levels) to be overwritten by the contents of the console (which may not contain anything at all).
Scheduled automatic downloads
You can configure the program to automatically download the latest versions of the engine components and the data definition files on a regular basis. This can speed your scan processes by making the necessary files available in advance of a scan. You can also choose to automatically download patches and product levels that are likely to be used in future patch deployments.
The Schedule Download dialog appears.
2.Specify when you want the download to occur.
The Add delay (days) box (available if you download on a monthly basis) allows you to delay the download by up to 31 days. For example, you might use this to schedule a monthly download that is always performed four days after Patch Tuesday. You do this by specifying The Second Tuesday and then using the Add delay (days) option to delay the operation by four days.
The new scheduled download entry appears. At the scheduled time, the appropriate engines and definition files will be downloaded to the console.
If enabled, patches that are likely to be deployed in the near future are automatically downloaded to the patch download directory. The patches will be downloaded immediately following the scheduled download of the core engines and definitions. Downloading patches in advance of their anticipated deployment will help speed the deployment process. This feature is beneficial for agentless deployments and for agents that deploy patches using the services of a distribution server.
Here are some additional details about Predictive Patch:
•The following patches will be downloaded to the console's download directory:
•Missing patches that were detected by recent scans but that have not yet been downloaded. A recent scan is defined as a patch scan that was performed within the last 45 days.
•Missing patches for products that Security Controls can deduce are on your target machines
•New patches that were recently added to the data definition file and that apply to products on your target machines.
•New or missing product levels will be downloaded
•The patches and product levels will be downloaded according to age (the most recent will be downloaded first)
•The process will download up to 5GBs of patches and product levels during a scheduled download session
•Patches that already exist in the download directory will not be downloaded.
•You can synchronize Predictive Patch with your distribution servers so that they receive copies of the downloaded patches
•An entry is recorded in Event History every time patches are downloaded to the console by Predictive Patch
•The patch download is triggered by either a scheduled download of the core engines and definitions or by clicking Run now when Core engines/definitions is selected
•If a patch contains different packages for different languages, only those languages supported by your products are downloaded
•Predictive Patch will not download software distribution patches (patches that are actually installation packages for free third-party applications)