Manually Acquiring Patches from the Vendor (Sideloading)
Sometimes a patch cannot be downloaded by Security Controls. This can happen for a number of different reasons. For example, the patch might be an ISO that represents a missing Windows 10 product level, it might be an old patch that has been removed by the vendor, a login to the vendor website might be required to access the patch, the patch might have been only available via a temporary link, etc.
If a patch cannot be automatically downloaded, the phrase Sideload required will be displayed in the Download status column in Machine View, in Patch View, in Scan View and on the Deployment Configuration dialog.
In order to deploy a patch that cannot be automatically downloaded, it must first be sideloaded. Sideloading means the patch file is downloaded manually, its contents are verified and then the file is saved to the proper directory on the console machine. The exact process is as follows:
- Select the patch within Machine View, Patch View or Scan View.
- In the bottom pane, click Download information.
Information on downloading the patch from the vendor's website will be displayed in a browser. - Follow the instructions for manually downloading the patch file to the console machine.
The best approach is to create a new folder that is used exclusively for sideloaded patch files. Be sure to download the correct language version of the patch. The preferred language for your console is specified on the Patch view download status icon language option. - Select the patch in the grid.
- Right-click the patch and then select Sideload patch.
The Select Patch to Sideload dialog is displayed. - Select the patch file that you previously manually downloaded and then click Open.
- An attempt is made to verify the digital signature of the patch file.
- If needed, the patch file will be renamed to match the naming convention used within Security Controls.
- The patch file is moved to the patch download directory.
The file will be processed and readied for deployment. Specifically:
If the patch file is not signed, you will be prompted to manually confirm the file details. For your convenience, a SHA-256 file hash of the file will be displayed.
Oftentimes, the patch name used within Security Controls is different than the name given by the vendor. This is done to avoid duplicate names. One way to see the expected file name is to locate the patch within Machine View or Patch View and view the file name information.
The default location is C:\ProgramData\Ivanti\Security Controls\Console\Patches.
When the process is complete, the Select Patch to Sideload dialog will close and the patch's download status will change to Sideloaded.
At this point, the patch is ready to be deployed using the normal deployment process.