Copyright Notice

This document contains the confidential information and/or proprietary property of Ivanti, Inc. and its affiliates (referred to collectively as “Ivanti”), and may not be disclosed or copied without prior written consent of Ivanti.

Ivanti retains the right to make changes to this document or related product specifications and descriptions, at any time, without notice. Ivanti makes no warranty for the use of this document and assumes no responsibility for any errors that can appear in the document nor does it make a commitment to update the information contained herein. For the most current product information, please visit

Copyright © 2018, Ivanti. All rights reserved.

Ivanti and its logos are registered trademarks or trademarks of Ivanti, Inc. and its affiliates in the United States and/or other countries. Other brands and names may be claimed as the property of others.


Protected by patents, see


Welcome to Ivanti Security Controls
What's New?
Evaluate the Product
System Requirements
Architecture Considerations
Obtaining the Software
Installing the Prerequisites
SQL Server Pre-Installation Notes
Performing a New Installation
HTTP Proxy Post-Installation Notes
SQL Server Post-Installation Notes
Your Next Steps
Uninstalling the Product
Upgrade Requirements
Upgrade Procedure
Upgrade Tasks Performed on the Console
Starting the Program
Activating the Program
Editions of the Program
Version Information
How Licenses are Tracked
Navigating the Interface
Performing a New Agentless Operation
Using the Navigation Pane
Charts Page
Menu Commands
Editing the Console Description
Help System
Show Me How to Get Started!
How Do I Get Started Scanning and Patching (Windows)
How Do I Get Started Scanning and Patching (Linux)
How Do I Automate Scheduled Patching (Windows)
How Do I Track Deployment Status (Windows)
How Do I Download Approved Patches (Windows)
How Do I Scan and Patch ESXi Hypervisors
How Do I Start Using Application Control
How Do I Set Up and Monitor Agents
How Do I Use The Asset Inventory Feature
How Do I Use The Power Management Feature
How Do I Use The ITScripts Feature
How Do I Collect Data For Tech Support
How Do I Use A Distribution Server
How Do I Generate Reports
How Do I View How-to Tutorials
About Machine Groups
About the My Test Machines Group
Creating a New Machine Group
Organizing machine groups
Performing Actions On Machine Groups
Searching Machine Groups
Working with a Machine Group
Machine Group Dialog: Top Section
Machine Group Dialog: Middle Section
Machine Group Dialog: Bottom Section
Excluding Certain Machines
Linking Files to Machine Groups
Adding Machines by Name
Adding Domains
Adding Machines by IP Address
Adding Organizational Units
Defining Nested Groups
Virtual Machine Overview
Power State and Credential Requirements for VMs
Notes About Virtual Machines
Notes About Virtual Machine Templates
Roadmap of Tasks
How to Add Virtual Machines
Adding Virtual Machines Hosted by a Server
Logging on to a Server
Adding Offline VMs that Reside on Workstations
Viewing Servers and Virtual Machines in a Machine Group
Supplying Credentials for Machines
Defining Credentials
Managing Credentials
Shared Credentials
Security Implications When Sharing Credentials
Credential Precedence for Physical Machines and Online VMs
Credential Precedence for Offline Hosted VMs
Creating Favorites
Performing Actions on a Favorite
Configuration Options Overview
Display Options
Notifications and Warnings Options
Scan Options
Explanation: Continuous Agentless Scanning
Explanation: Connecting by IP Address vs FQDN
Scheduling Options
Agents Options
Download Options
Email Options
Data Rollup Options
Scheduled Snapshot Maintenance
Logging Options
Internet Proxy Options
ITScripts Options
API Options
Why Use a Distribution Server?
Determining How Many Distribution Servers to Use
Configuring Distribution Servers
Configuring System Account Permissions
Synchronizing Servers
Assigning IP Addresses to Servers
Why You Might Use Multiple Administrators
How the Program Manages Multiple Admins
Potential Issues When Using Multiple Admins
Best Practices When Using Multiple Admins
How Role-Based Administration Works
Enabling and Disabling Role-Based Administration
User Manager
Deleting a User
Determining the Currently-Assigned Role
Best Practices Guides
Console Software and Hardware Recommendations
Port Requirements and Firewall Configuration
Distributed Environment Management
Configuring Agentless Patch Management
Best Approach for Applying Patches in an Agentless Environment
Automating Patch Management in an Agentless Environment
Agent-based Patch Management
Agent Rollout Options
Installing and Supporting Agents on Internet-based Machines
Agent-Based Product Level and Patch Deployment Process
Guide to Surviving Patch Tuesday
Microsoft SQL Server Database Maintenance
Performing Patching in a Disconnected Environment
Application Control Best Practices
What Sets the Program Apart
Scanning Engine Overview
Discovering Machines
Determining Patch Status
File Version Analysis
Determining Patch Replacements
Identifying Explicitly Installed Patches
Identifying Effectively Installed Patches
About Patch Groups
Creating and Editing a Patch Group
Using a Patch Group
Patch Scanning Overview
Scanning Prerequisites
How to Initiate a Patch Scan
Scheduling Patch Scans
Monitoring a Patch Scan
Monitoring A Scheduled Patch Scan
Scan History
Patch Options Menu
About Patch Scan Templates
Predefined Patch Scan Templates
Creating a New Patch Scan Template
Organizing Patch Scan Templates
Managing a Patch Scan Template
Specifying a Default Patch Scan Template
About Windows Patch View
Navigating Windows Patch View
Filtering Windows Patch View by Patch Type
Filtering Windows Patch View by Product Vendor
Exporting Patches
Customizing The Patch View Column Headers
Understanding the Top Pane
Searching Patch View
Filtering Patch View
Performing Actions On Patches
Viewing Patch Details
Viewing Machines Affected By A Selected Patch
About Third-Party Applications
How to Scan for Third-Party Applications
Accessing Patch Scan Results
Navigating the Scan View Grid
Customizing The Column Headers
Scan View Scan Summary
Machine Group Info is Dynamic
Searching for Machines
Filtering Info in the Top Pane
Performing Actions On Machines
Viewing Patch Summaries in Scan View
Performing Actions On Patches
Viewing Patch Details
Viewing Machines Affected By A Selected Patch
Downloading Patches and Product Levels
How to Download Different Language Versions of a Patch
Patch Downloads Are Background Tasks
Manually Acquiring Patches from the Vendor (Sideloading)
Patch Deployment Overview
Patch Deployment Prerequisites
Patch Deployment Security
Testing Deployment
Deploying One or More Patches to a Machine
Deploying All Missing Patches to a Machine
Deploying Patches to Multiple Machines
Deploying Third-Party Applications
Deploying Patches to Virtual Machines
Deploying Product Levels
Deploy to All Domain Members
Scheduling & Configuring a Deployment
Automatically Deploying Patches
Monitoring the Deployment
Viewing Deployment Results
Canceling a Deployment
Deployment History
About Deployment Templates
Creating a Deployment Template
Organizing Patch Deployment Templates
Deployment Template: General Tab
Deployment Template: Pre-Deploy Reboot Tab
Deployment Template: Post-Deploy Reboot Tab
Deployment Template: Email Tab
Deployment Template: Custom Actions Tab
Deployment Template: Distribution Servers Tab
Deployment Template: Hosted VMs/Templates Tab
Deployment Template: Used By Tab
Managing a Deployment Template
About Deployment Tracker
About the Deployment Tracker Dialog
Canceling a Task
How to Uninstall Patches
Overview of the Custom XML Process
Creating a New Custom XML File
Creating a Custom Product
Creating a Custom Bulletin
Creating a Custom Patch
Scan Information Tab
Deployment Information Tab
Saving and Validating Your Changes
Changing a Custom XML File
Specifying Which Custom XML Files To Use
Viewing Custom Patches and Products
Introducing the Virtual Inventory Feature
vCenter Server and ESXi Hypervisor Requirements
Adding, Editing, or Removing vCenter Servers and ESXi Hypervisors
Customizing The Column Headers
Viewing Information About a vCenter Server
vCenter Server Top Pane Summary
Searching the List of Hypervisors
Performing Actions On Hypervisors
Viewing a Summary of the Hypervisor's VMs
Performing Actions On Virtual Machines
Viewing Bulletin Status
Deploying Bulletins to Managed Hypervisors
Using the ESXi Hypervisors List
Viewing a Summary of the ESXi Hypervisor's VMs
Performing Actions On Virtual Machines
Viewing Bulletin Summaries on ESXi Hypervisors
Deploying Bulletins to Unmanaged ESXi Hypervisors
How to Initiate a Scan of an ESXi Hypervisor
Initiating a Deployment to an ESXi Hypervisor
Configuring an ESXi Bulletin Deployment
Viewing ESXi Deployment Results
Overview of Linux Patch Management
Creating and Editing a Linux Patch Group
Creating and Editing a Linux Patch Scan Configuration
Creating and Editing a Linux Patch Deployment Configuration
Organizing Linux Configurations and Groups
How to Patch Disconnected Linux Machines
SSH Authentication
Importing CVEs
Application Control Overview
Executable Control
Privilege Management
Browser Control
Rule Sets Overview
Configuration Settings
Configuration Settings Executable Control
Configuration Settings Privilege Management
Advanced Settings
Message Settings
Rule Collections
Rule Set Executable Control
Allowed Items
Denied Items
Rule Set Privilege Management
Rule Set Browser Control
Manage Configuration
Comparison Tool
Search Configuration
Event Viewer
Agentless vs. Agent-based Solutions
When Should I Use Each Solution?
What Exactly is an Agent?
How the Agent Process Works
Creating a New Agent Policy
Configuring General Settings
Agent Reboot Options
Creating and Configuring a Patch Task
Enabling Application Control
Creating and Configuring an Asset Task
Creating and Configuring a Power Task
Preparing to Use Agents
Installing Agents from the Console
Manually Installing Agents
Installing Agents from the Cloud
Configuring Proxy Server Settings for Agents
Creating and Using a Manual Installation Script
Troubleshooting Installation Errors
Managing Your Agents
Monitoring Agent Actions
Determining Which Machines Have Agents
Ongoing Maintenance Tasks
Using an Agent on a Machine
Uninstalling an Agent
About Product Level Groups
Creating and Editing a Product Level Group
Using a Product Level Group
Copy, Delete or Rename a Product Level Group
About the Agent Client Program
About Machine View
Accessing Machine View
Navigating Machine View
Customizing the Column Headers
Typical Uses of Machine View
Machine View Top Pane Summary
Understanding Patch Count Data
Machine Group Information is Dynamic
Searching for Machines
Filtering Info in the Top Pane
Performing Actions On Machines
Viewing Patch and Asset Summaries
Performing Actions on Patches
Viewing Patch Information
Viewing Machines Affected By A Selected Patch
What is Event History?
Searching for Event Entries
Using the Event History Smart Filter
Accessing Machine Properties
Managing Individual Machine Properties
Managing Multiple Machine Properties
About the Operations Monitor
About the Scheduled Console Tasks Manager
About the Scheduled Remote Tasks Manager
Manually Installing and Uninstalling the Scheduler
Security Controls Cloud Synchronization Overview
Requirements and Usage Notes
How to Enable Security Controls Cloud Sync
Security Controls Cloud Sync Options
Email Overview
Populating the Address Book
Automatically Sending Email Reports
Manually Sending Email Reports
Using Disconnected Mode
Managing Data Files and Missing Patches
Overview of Reports
Reports Dialog
Advanced Filtering
How to Schedule a Report
Introduction to Database Views
Overview of Database Views
Entity Relationships
Agent View
Architecture View
Assessed Machine State View
CVE View
DeployState View
DetectedPatchState View
InstallState View
LinuxCompletionCode View
LinuxDetectedPatchState View
LinuxErrorStep View
LinuxInstallState View
LinuxNotification View
LinuxPatch View
LinuxPatchAppliesTo View
LinuxPatchDeployment View
LinuxPatchType View
LinuxPlatform View
Machine View
OperatingSystemFamily View
Patch View
PatchAppliesTo View
PatchCountsByScanMachine View
PatchDeployment View
PatchScan View
PatchType View
Product View
ScanType View
SourceType View
VendorSeverity View
Sample Query: CVE Vulnerability Report
Sample Query: Patch Status Detail
Sample Query: Missing Patches by Agent Policy
Why Use Multiple Consoles?
What is a Data Rollup Configuration?
Implementing a Data Rollup Configuration
Watching For Data Rollup Activity
What is an Unattended Console Configuration?
Implementing an Unattended Console Configuration
What is a Disconnected Console Configuration?
Configuring the Central Console in a Disconnected Configuration
Configuring the Remote Consoles in a Disconnected Configuration
Multiple Console Configuration with Agents
ITScripts Overview
ITScripts Requirements
Managing ITScripts
Creating an ITScripts Template
How to Execute a Script
Scheduling Scripts
Run Console ITScripts Dialog
Monitoring an ITScript
Monitoring a Scheduled Script
ITScripts Results View
Performing Actions on Script Results
Searching for Script Results
Using The Script Result Smart Filter
Opening a PowerShell Prompt
Creating a Custom Script
Variables and Functions
Target Type
Specifying ComputerName and Credential Parameters
Unsupported PowerShell Commands
Pre-Execution and Post-Execution Functions
Script Metadata
Signing Scripts
Importing User Scripts
Understanding RDP
RDP Requirements
How to Initiate a Remote Desktop Connection
Database Maintenance
Assigning Aliases to the Console
IAVA Reporter Overview
Creating an IAVA Report
Performing an IAVA Patch Scan
Introduction to the Migration Tool
Requirements for Using the Migration Tool
Commonly Asked Questions
Before You Begin
Creating Your Backup Files
Restoring Your Console on a New Machine
Post-Migration Tasks
Overview of REST API
Overview of PowerShell API
PowerShell API Requirements
Areas That Can be Accessed by the API
Viewing and Tracking API-Driven Actions
How to Get Started
How to Find Help for PowerShell Commands
Tips and Tricks
Use Examples
Frequently Asked Questions
What is the Issue?
Overview of the Solution
Requirements and Exceptions
How to Issue a New Certificate Using Your Own CA
Let the New Certificate Percolate Through the System
Commit the New Sub-Authority Certificate
Testing for and Verifying the New Certificate
Reporting Errors
Obtaining Support
Asset Inventory Overview
Asset Scan Requirements
Asset Scans are Performed as Background Tasks
Creating a New Asset Scan Template
How to Initiate an Asset Scan
Scheduling Asset Scans
Monitoring an Asset Scan
Monitoring a Scheduled Asset Scan
Viewing Asset Scan Results
Power Management Overview
Power Management Requirements
Creating and Editing a Power State Template
How to Initiate Power Management Tasks
Scheduling Power Tasks
Sleep and Hibernation Implementation Notes
Wake-on-LAN Implementation Notes
Shutdown Implementation Notes
Restart Implementation Notes
Monitoring a Power Task
Monitoring a Scheduled Power Task
Initiating and Monitoring a Power Status Scan
Viewing Power Status Scan Results
Using Patch Deployments to Perform Power Tasks