Viewing Patch Summaries in Scan View

The middle pane displays general patch information about the machine(s) selected in the top pane. If multiple machines are selected in the top pane, this pane will display patch information for all selected machines. For example, if you select two domains in the top pane, summary information about all the machines in both domains will be displayed. The Affected Machine Count column indicates how many of the selected machines are affected by a specific patch or product level.

The values for the Installed Patch Count and Missing Patch Count columns in the top pane may not always match the values shown in the middle pane. This is because the top pane counts every patch on every machine, while the middle pane counts only unique patches and ignores duplicates.
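The counting difference described above, worked through on constructed data. This is an added example, not part of the product or its documentation; the record layout, machine names, patch IDs and scores are assumptions made for illustration.

```python
# Constructed findings, one per patch per machine: (machine, patch, status, CVE scores).
# Names, IDs and scores are illustrative assumptions, not a product export format.
FINDINGS = [
    ("WS-01",  "PATCH-A", "Missing",   [9.8, 7.5]),
    ("WS-01",  "PATCH-B", "Installed", [5.3]),
    ("WS-02",  "PATCH-A", "Missing",   [9.8, 7.5]),
    ("WS-02",  "PATCH-B", "Installed", [5.3]),
    ("WS-02",  "PATCH-C", "Missing",   [6.1]),
    ("SRV-01", "PATCH-A", "Installed", [9.8, 7.5]),
    ("SRV-01", "PATCH-C", "Missing",   [6.1]),
]


def top_pane_totals(findings, selected):
    """Top-pane style: count every patch on every selected machine."""
    totals = {"Installed": 0, "Missing": 0}
    for machine, _patch, status, _scores in findings:
        if machine in selected:
            totals[status] += 1
    return totals


def middle_pane_summary(findings, selected):
    """Middle-pane style: one row per unique patch across the selection."""
    rows = {}
    for machine, patch, status, scores in findings:
        if machine not in selected:
            continue
        row = rows.setdefault(
            patch, {"Installed": set(), "Missing": set(), "highest_cvss": max(scores)})
        row[status].add(machine)
    return rows


def unique_counts(rows):
    """Unique patches installed (or missing) on at least one selected machine."""
    return {s: sum(1 for r in rows.values() if r[s]) for s in ("Installed", "Missing")}


def affected_machine_count(rows, patch):
    """Selected machines that are missing the given patch."""
    return len(rows[patch]["Missing"])


if __name__ == "__main__":
    selected = {"WS-01", "WS-02", "SRV-01"}
    rows = middle_pane_summary(FINDINGS, selected)
    print("top pane:", top_pane_totals(FINDINGS, selected))
    print("middle pane:", unique_counts(rows))
    for patch in sorted(rows):
        print(patch, affected_machine_count(rows, patch), rows[patch]["highest_cvss"])
```

With all three machines selected, the per-machine totals are 3 installed and 4 missing, while the unique-patch totals are 2 and 2; narrowing the selection changes both sets of numbers.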

If you refresh Scan View during or after a patch deployment, the Current Patch Status column will reflect the new patch status. For example, in the following figure, the Google Chrome 72 patch that was originally detected as missing is now being reported as installed.

You can customize the way information is displayed within this pane. See Customizing the Column Headers for information.

Field

Description

Current patch status

The current status of the patch. This may be different from the status of the patch when the scan was originally performed. (For example, the patch may have been deployed since the scan was originally performed.)

Original patch status

Indicates the patch status at the time the patch scan was performed.

Product

The software product affected by this patch.

Product level

The product level of the patch. For original patches the level will be Gold.

Affected machine count

Indicates the number of machines that are missing the patch. This number only applies to those machines that are selected in the top pane.

Patch type

Indicates the patch type. The possible types are:

  • Non-security Patches: The set of patches supported by Microsoft Software Update Services
  • Security Patches: Security bulletin-related patches
  • Security Tools: Patches for the malware tool provided by Microsoft
  • Software Distribution: Free third-party products that can be deployed by Security Controls

Bulletin ID

Identifies the Microsoft Security Bulletin article that describes the threat addressed by the patch.

Bulletin title

The descriptive title of the Microsoft Security Bulletin article that describes the threat addressed by the patch.

Download method

Indicates if the patch can be downloaded automatically by the program or if it must be downloaded manually. There may be a number of different reasons why a patch cannot be downloaded automatically. For example, you may have a patch that was created for a proprietary software program, or you may receive patches for a program that is no longer officially supported by the vendor.

If the value in this column is Automatic, it means that Security Controls can download the patch automatically. If the value is Acquire from vendor or some other value, it means that you must manually download the patch on your own and then move it into the patch download directory using the sideload process. Once the patch is there it can be deployed using the normal deployment process.

Download status

Indicates if the patch has been downloaded to the patch download directory. Some patches may require sideloading.

KB

The knowledge base number used to identify the Microsoft-based patch.

CVSS score (highest)

The highest Common Vulnerability Scoring System (CVSS) score of all CVEs associated with this patch. The more a vulnerability is validated by the vendor or other reputable sources, the higher the score.

CVEs

The Common Vulnerabilities and Exposures (CVEs) that are associated with the patch.

IAVA ID

This column is available only if you have a Government Edition of Security Controls.

The number used to identify patches in the Information Assurance Vulnerability Alert (IAVA) XML file compiled by the U.S. Government.

Vendor severity

One of four severity levels assigned by Ivanti based on the perceived threat of the vulnerability related to the patch.

(Red) Ivanti has deemed the problem associated with this patch to be Critical in nature.

(Orange) Ivanti considers the problem related to this patch Important to correct.

(Yellow) The related vulnerability is of Moderate severity.

(Gray) Ivanti has not assigned a severity level to this problem.

Uninstallable

Indicates if the patch can be uninstalled. Uninstalling a patch restores a machine to its original state before the patch was deployed. Patches must be uninstalled in the reverse of the order in which they were installed.

File name

The name of the patch file.

File size

The patch file size.

EOL

The number of software products on the machine that have been designated as End-of-Life by their vendor.

Bulletin release date

The original publication date of the security bulletin that identifies the vulnerability.

Comment

A user-supplied comment about the patch.

Detected culture

The local form of the operating system language detected on the target machine.

Download file name

The file name used by Security Controls when downloading and deploying the patch. The name may include a three-letter identifier that specifies the operating system language supported by the patch.

Patch release date

The date the patch was originally published.

Patch updated

The date an updated version of the patch was published.

Replaced by

The bulletin ID that identifies a more recent update for the vulnerability.