Download security content

The Patch and Compliance tool makes the process of gathering the latest security type's definitions and patches quick and easy by letting you download content via a Ivanti-hosted database. Ivanti® Endpoint Security for Endpoint Manager services consolidate known definitions and patches from trusted, industry sources and sends reliable information directly to you.

Use the Download updates dialog box to configure and perform security content updates at once or to create a scheduled task. Download the definitions and patches separately, or using the same task. For example, you may want to download definitions and run a scan at least once before downloading patches, and then only download the patches for vulnerabilities that were detected during the scan.

CAUTION: Only one Ivanti user on a specific core server (including additional consoles) can update security content at a time. If a user attempts to update content while the process is already running, a message prompt appears indicating there is a conflict.

Before you can deploy security patches to affected devices, you must first download the patch executable file to a local patch repository on your network.

ClosedTo download security content

1.Click Tools > Security > Patch and Compliance.

2.Click the Download updates toolbar button.

3.Select the update source site from the list of available content servers.

4.Select the definition types whose security content you want to update. You can select one or more types in the list depending on your Ivanti® Endpoint Security for Endpoint Manager content subscription. The more types you select, the longer the update will take.

5.Select the languages whose content you want to update for the types you've specified.

Some vulnerability and other definition types are language-independent, meaning they are compatible with any language version of the OS or application. In other words, you don't need a unique language-specific patch to remediate those vulnerabilities because the patch covers all supported languages.

When downloading content for any platform, all of the selected platform's language-neutral vulnerability definitions are automatically updated by default. If you've selected a Windows or Mac content type, you must also select the specific languages whose definitions you want to update. If you've selected Sun Solaris or a Linux platform, you do not have to select a specific language because their content is language-neutral and will be updated automatically.

6.If you want new content to be placed automatically in the Unassigned group instead of the default Scan group, select the Put new definitions in the Unassigned group check box.

7.If you want to automatically download associated patch executable files, select the Download patches check box, and then click one of the download options. (NOTE: Patches are downloaded to the location specified on the Patch Location page of the Download updates dialog box.)

For detected definitions only: Downloads only the patches associated with vulnerabilities, security threats, or Ivanti updates detected by the last security scan (i.e., the definitions that are currently residing in the Detected group).

For all downloaded definitions: Downloads ALL of the patches associated with vulnerability, security threats, and Ivanti updates currently residing in the Scan group.

8.If you have a proxy server on your network that is used for external Internet access, click Proxy Settings and specify the server's address, port number, and authentication credentials if a login is required to access the proxy server.

9.To download the content now, click Update Now. The Updating Definitions dialog box displays the current operation and status. If you click Cancel or close the console before the update is finished, only the security content that has been processed to that point is downloaded to the core database.


To create a scheduled task, click Schedule Update. The Scheduled update information dialog box shows task-specific settings for the task. Click OK to create a Download Security Content task in the Scheduled Tasks window, where you can specify the scheduling options.

IMPORTANT: Task-specific settings and global settings
Note that only the definition types, languages, and definition and patch download settings are saved and associated with a specific task when you create it. Those three settings are considered task specific. However, all of the settings on the other pages of the Download updates dialog box are global, meaning they apply to all subsequent security content download tasks. Global settings include patch download location, proxy server, spyware autofix, security alerts, and antivirus. Any time you change global settings, they are effective for all security content download tasks from that point on.

ClosedTo download patches from a downloaded definition

Use this option if you have already downloaded definitions but want to selectively download patches.

1.Right-click the definition, and then click Download associated patches.

2.Select whether to download all associated patches or only current patches. If you choose all associated patches, this includes patches that have been superseded.

3.Click Download.

NOTE: You can also download patches from a definition's properties dialog box. On the General page, click Properties > Patch Information > Download)

For more information on patch file download status, see Open and understand the Patch and Compliance tool.

ClosedTo configure the patch download location

1.On the Download updates dialog box, click the Patch Location tab.

2.Enter a UNC path where you want the patch files copied. The default location is the core server's \LDLogon\Patch directory.

3.If the UNC path entered above is to a location other than the core server, enter a valid username and password to authenticate to that location.

4.Enter a URL where devices can access the downloaded patches for deployment. This URL should match the UNC path above.

5.You can click Test Settings to check if a connection can be made to the web address specified above.

6.If you want to restore the UNC path and URL to their default locations, click Restore to Default. Again, the default storage location is the core server's \LDLogon\Patch directory.