Patching devices with vulnerabilities

After you have performed a scan and know what vulnerabilities exist in your environment, use a repair task to patch devices. A repair task can be a push, a policy, or a policy-supported push.

Patch and Compliance only installs the patches for detected vulnerabilities on each device. If the vulnerability is not detected, the patch is not installed even if it is included in the repair task.

Generally, vulnerabilities, custom definitions, Ivanti software updates, and blocked applications are remediated from the console using a repair task. To remediate at the time of discovery instead of using a separate repair task, use the Autofix feature.

For information about what happens on a device during patching, see What happens on a device during remediation.

To create a repair task

1.Click Tools > Security > Patch and Compliance.

2.To remediate one definition at a time, right-click the definition and then click Repair.

-Or-

To remediate a set of definitions together, create a group that contains the definitions, right-click the group and click Repair. You can also select the definitions and click Create a task > Repair.



3.Configure the task type, targets, start time, and other task options. For information about the general scheduled task options, see Scheduling tasks.

4.To view or edit which definitions are included in the task, click Definitions.

To remove a definition from the task, right-click it and select Delete.

If definitions in the list have prerequisites, meaning that other patches must be installed first, you can add the prerequisite definitions to the task by clicking Add prerequisites.

If definitions in the list have dependents, meaning that the patches currently in the task must be installed before other patches can be installed, you can add the dependent definitions to the task by clicking Add dependents.

5.To view or download the patches associated with the task, click Patch list. To change a patch so that it uses multicast, select the patch and click the Multicast button. Remove multicast by selecting the patch and clicking Don't multicast.

6.Click Save.

The task appears in the Scheduled Tasks window with the job name specified above, where you can further customize the target device list and configure scheduling options.