Using Autofix

Autofix enables you to remediate during the detection scan, when the vulnerability is detected. There is no need to create a separate task for remediation. If a patch requires a reboot, the target device always automatically reboots. By default, if the agent attempts to autofix a patch but it fails, the agent does not retry.

Autofix is generally used after a patch has been thoroughly tested and the administrator is confident that it won't negatively affect users. The feature is available for vulnerabilities, spyware, Ivanti software updates, and custom definitions.

Autofix has to be enabled in agent settings, and then configured for each definition. When you create a task for downloading definitions, you can use a filter to enable Autofix when a definition is downloaded.

IMPORTANT: Requirements for using Autofix
Only Administrators or users with the Patch Manager right and the default All Devices scope can enable the Autofix feature.

The Windows agent, Windows Server agent, and Windows Embedded Standard agent all have an option in agent configuration that overrides what is in the agent settings. By default, Windows Server agents are set to Never autofix. If autofix isn't working when you expect it to, investigate whether the Never autofix option is enabled in Agent Configuration > Standard Ivanti agent.

ClosedTo enable Autofix in the agent settings

1.Click Tools > Configuration > Agent settings.

2.Select an existing Distribution and Patch agent setting or right-click Distribution and Patch in the tree and select New.

3.Select Patch-only settings > Scan options.

4.Enable the Enable autofix option at the bottom of the page.

5.Save your changes.

ClosedTo enable Autofix for a definition

1.Click Tools > Security > Patch and Compliance.

2.Drag a downloaded definition to one of the Scan > Autofix folders in the tree view, or right-click and select Autofix.

ClosedTo automatically enable Autofix for definitions when they are downloaded

1.Click Tools > Security > Patch and Compliance.

2.In the toolbar, click Download updates.

3.Select the definitions that you want to use autofix for.

4.Click the Definition download settings button (on the Updates tab).

5.In the Definition download settings dialog, click New.

6.In the Definition filter properties dialog, click the Autofix tab.

7.Enable the Assign Autofix option.

8.Configure the other download settings and save your changes.

ClosedTo configure the number of retries for Autofix

1.Click Tools > Security > Patch and Compliance.

2.In the toolbar, click Configure settings > Core settings.

3.In the Autofix retry count section, specify the number of times to attempt an Autofix, or allow the agent to retry indefinitely.

4.Click OK.