Patch and compliance for Macintosh devices

Patch and Compliance is a complete, integrated security solution that helps you protect your Macintosh devices from a wide range of prevalent security risks. The tool allows you to manage security and patch content, scan devices, use patches, and remediate devices.

Configure Macintosh devices for security scanning and remediation

Security functionality is included as part of the standard Ivanti agent for Macintosh devices. It allows you to scan managed Macintosh devices for vulnerabilities, and perform remediation by deploying patches or software updates.

Launching the scanner for Macintosh devices

You can launch the scanner from the console or manually on the client machine. You can also right-click a Mac device in the Network view and click Security and Patch > Patch and compliance scan now.

To run a compliance scan from the Ivanti Management Console
  1. Click Tools > Security and Compliance > Patch and compliance.
  2. Click the Create a task button on the toolbar, and select Compliance scan.
  3. Type a name for the task and select Create a scheduled task or Create a policy, depending on how you want to run the scan.
  4. In the Scheduled tasks tool, select the task and click the Properties button on the toolbar.
  5. Specify the scan options. On the Custom script page you'll specify the details of the compliance scan.

For details on creating a compliance scan task, see Create a patch and compliance scan task

NOTE: When you define settings for a compliance scan, some functionality is not available for managed Macintosh devices. Point to items in each page of the dialog box; a message indicates when an item is not available for Macintosh scans.

To launch the security scanner on a Macintosh client
  1. Open the Mac OS X System Preferences on the target device and select the Ivanti Client panel.
  2. On the Overview tab, click Check Now in the Security and Patch Manager section.

Blocking applications for Macintosh devices

You can use the Endpoint Manager Patch and Compliance tool to block applications on managed Macintosh devices. This functionality works the same way as it does for Windows devices, except that no pre-defined blocked content is available for Macintosh devices.

You can block only .app files on managed Macintosh devices. In order to block specific applications, you must create a custom definition for each blocked application. When creating the custom definition, be sure to select Apply to Mac.