Patch filter definitions (2019 and newer)

Use patch filter definitions to group downloads for Patch and Compliance vulnerability updates. You can then easily apply the items in the filter definition to a group or rollout project.

Filters consist of these elements:

  • The OS (operating systems) to include.
  • The Products to include. If you selected operating systems on the OS tab, make sure the products you select on the Products tab are the using your selected operating systems. Use the Find product box to quickly find a product name that includes the text you enter.
  • The Severity to include. The available severity levels depend on the operating system you're configuring.
  • The Endpoint security Groups that the filtered definitions will be applied to. Select existing groups or right-click in a groups list to create a new group.
  • Rollout projects (if any) that should use the filter definition. Only rollout projects with at least one step created appear in the list.

The tabs work together using AND logic. If you don't select anything in a tab, the filter assumes you want to ignore that tab's criteria. Note that a filter may return no item if you select items that don't overlap. For example, if you select Windows on the OS tab and then select Mac items on the Products tab.

In version 2022 SU2 and newer, selecting a root product on the Products tab will automatically select all released versions and any new versions as they are released. In earlier versions, you would have to manually select new versions as they were released.
It is possible that new versions of a product can have bugs or other issues. If you want to manually do validation testing on new versions before applying them, instead select specific versions below the product root.

The Automatically generate a patch Tuesday group and assign all patches, during this month, to this group option creates a new group each month on the second Tuesday of the month (i.e. patch Tuesday). All patches that the filter matches will be added to this monthly patch Tuesday group.

To create a patch filter definition
  1. Click Tools > Security and Compliance.
  2. On the toolbar, click the Download button.
  3. On the Filter Definitions tab, click the Add new definition button.
  4. On the Name tab, enter a Filter name and Filter description.
  5. Select your filter criteria on the OS, Products and Severity tabs.
  6. On the Groups tab, select a group that will use this filter definition, if any.
  7. On the Rollouts tab, select rollout projects that will use this filter definition, if any.
  8. Click the Save button. The filter definition you created will now be visible in the Download updates > Filter definitions tab. Use the Edit or Delete buttons there to make other changes when necessary.

NOTE: Filter definitions for Windows only work with Next Gen content. When viewing definitions, the Summary column will say Next Gen.

NOTE: Severities in releases 2019.1 and newer will match the vendor's assigned severity. In earlier releases, Windows non-security patches always had a severity of NA. In the past some customers used an NA security to filter between security and non-security patches. Moving forward, select between these two patch types by specifically selecting the severities under the Severity tab's Security patches and Non-Security Patches tree items.