Patch and Compliance

Patch and Compliance is a complete, integrated security management tool that helps you protect your Ivanti managed devices from a variety of prevalent security exposures and risks. Ivanti Patch Manager is sold as an add-on product to Endpoint Manager and is included in Ivanti® Endpoint Security for Endpoint Manager.

Use security scan tasks and policies to assess managed devices for known platform-specific vulnerabilities. Download and organize patch executable files, and then remediate detected vulnerabilities by deploying and installing the necessary patch files. You can also create your own custom definitions to scan for and remediate specific, potentially harmful conditions on devices. Additionally, at any time you can view detailed security information for scanned devices, and generate specialized patch and compliance reports.

In addition to patch management, use the Patch and Compliance tool to perform the following tasks:

Verify that the latest Ivanti software is installed and up to date on your managed devices, as well as core servers and console machines.

Use a blocked application definition to deny unauthorized or prohibited applications on devices.

Use specific security threat definitions that detect the Windows firewall, turn it on or off, and configure the firewall settings.

Use custom variables that are included with other security threat definitions in order to customize and change specific local system configurations, and to enforce enterprise-wide system configuration policies.

ClosedSupported device platforms

Patch and Compliance supports most of the standard Ivanti managed device platforms. For details about supported platforms, see Support Platforms and Compatibility Matrix for Ivanti Endpoint Manager in the Ivanti Community.

IMPORTANT: Scanning core servers and consoles for Ivanti software updates is supported
You can also scan Ivanti core servers and consoles for Ivanti software updates, but those machines must first have the standard Ivanti agent deployed, which includes the security scanner agent required for security scanning tasks.

ClosedRole-based administration with Patch and Compliance

A user with the Patch and Compliance right can perform most of the tasks associated with the Patch and Compliance tool. The Patch and Compliance right appears under the Security rights group in the Roles dialog box. However, there are some tasks that require additional rights:

To use Autofix to automatically remediate these detected security types—vulnerabilities, spyware, Ivanti software updates, and custom definitions—you must be a Ivanti Administrator.

To purge unused security type definitions, you must be a Ivanti Administrator.

To generate a variety of security-specific reports, you must also have Reporting roles.

Administrators assign these roles to other users with the Users tool in the console.

Choose from one of the following topics for more information about Patch and Compliance:

Getting started with Patch and Compliance

How Patch and Compliance scans and remediates

Open and understand the Patch and Compliance tool