How Patch and Compliance scans and remediates

The table below describes how the Patch and Compliance security scanner searches for each type of security risk and the steps taken during remediation.

Linux devices use Ivanti's contentless patching method, which is different from the content-based patching that macOS and Windows devices require. For more information, see the brief video below describing the differences.

Ivanti Patch - contentless and content-based patching compared (2:43)

Each entry below names what the scanner checks for, how Patch and Compliance scans for it, and how it remediates it.

Ivanti software updates

Scans by: Using software update definitions published by Ivanti to check for the latest Ivanti software versions.

Remediates by: Installing the appropriate Ivanti software update.

Windows and Mac vulnerabilities

Scans by: Using vulnerability definitions published by Ivanti (based on official security bulletins) to check for known operating system and/or application vulnerabilities.

Remediates by: Using a scheduled task or an autofix to deploy and install the required patch files. Patch files must already be downloaded to the local patch repository.

Mac vulnerabilities

Scans by: Using vulnerability definitions published by Ivanti (based on official security bulletins) to check for known vulnerabilities.

Remediates by: Using a scheduled task or an autofix to deploy and install the required patch files. Patch files must already be downloaded to the local patch repository.

Linux vulnerabilities

Scans by: Using vulnerabilities detected by the Linux distribution's built-in package manager.

Remediates by: Using a scheduled task or an autofix to install the required patch files. The Linux distribution's package manager handles patch download and installation.

Custom definitions

Scans by: Using custom vulnerability definitions created by an Ivanti administrator to check for user-defined platform, application, file, or registry setting conditions.

Remediates by: Deploying a custom patch or script that addresses the situation. The remediation can be part of the initial definition or a separate patch.

Security threats

Scans by: Using security threat definitions published by Ivanti to check for local Windows system configuration errors and exposures. You can modify security threat definitions that use editable custom variables to check for specific conditions.

Remediates by: Applying the configuration settings specified by the security threat definition.

Some security threats must be remediated manually at the affected device. To find out whether a security threat can be remediated from the console, view its Repairable column value (Yes or No) in the item list view.

Spyware

Scans by: Using spyware detection definitions that check for instances of spyware programs on scanned devices. Patch and Compliance uses the Ivanti Software license monitoring tool's softmon.exe program to monitor for spyware. You can also enable real-time spyware monitoring and blocking in a device's agent configuration.

Remediates by: Removing the violating spyware application (as a repair task) or blocking the application when it tries to run. To enable real-time blocking, enable autofix and spyware blocking in the agent settings and set the spyware definitions to autofix.

Driver updates

Scans by: Using third-party driver update definitions that check for driver versions.

Remediates by: Deploying and installing the appropriate third-party driver update.

Software updates

Scans by: Using third-party software update definitions that check for software versions.

Remediates by: Deploying and installing the appropriate third-party software update.

Antivirus updates

Scans by: Using antivirus scanner detection definitions (NOT actual virus definition/pattern files) that check for:

- Installation of common antivirus scanner engines (including the Ivanti Antivirus tool)

- Real-time scanning status (enabled or disabled)

- Scanner-specific pattern file versions (up to date or old)

- Last scan date (whether the last scan is within the maximum allowable time period specified by the administrator)

Remediates by: For Ivanti Antivirus, using Ivanti software updates to update the antivirus engine. For other antivirus engines, you must remediate manually.
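The four antivirus checks and the two remediation paths above, written out as an added evaluation routine run over constructed device records (example code, not Ivanti's scanner; the engine names, version strings and the seven-day policy are assumptions):

```python
from dataclasses import dataclass
from datetime import date
from typing import Dict, List, Optional, Tuple

@dataclass
class AvStatus:  # constructed snapshot of one device, not real agent output
    host: str
    engine: str                  # "Ivanti Antivirus" or a third-party engine name
    installed: bool
    realtime_enabled: bool
    pattern_version: str         # scanner-specific pattern file version string
    last_scan: Optional[date]    # None if the device has never been scanned

@dataclass
class AvPolicy:
    current_patterns: Dict[str, str]  # engine -> newest known pattern version
    max_scan_age_days: int            # administrator's maximum allowable time since last scan

def evaluate(status: AvStatus, policy: AvPolicy, today: date) -> Tuple[List[str], str]:
    """Run the four checks and choose the remediation path for this engine."""
    findings: List[str] = []
    if not status.installed:
        findings.append("no antivirus scanner engine installed")
    else:
        if not status.realtime_enabled:
            findings.append("real-time scanning disabled")
        expected = policy.current_patterns.get(status.engine)
        if expected is not None and status.pattern_version != expected:
            findings.append(f"pattern file {status.pattern_version} is old (current: {expected})")
        if status.last_scan is None or (today - status.last_scan).days > policy.max_scan_age_days:
            findings.append(f"last scan not within {policy.max_scan_age_days} days")
    if not findings:
        remediation = "none"
    elif status.engine == "Ivanti Antivirus":
        remediation = "Ivanti software update"   # engine is updated through Ivanti software updates
    else:
        remediation = "manual"                   # other engines must be remediated by hand
    return findings, remediation

def compliance_report(devices: List[AvStatus], policy: AvPolicy, today: date) -> Dict[str, Tuple[List[str], str]]:
    return {d.host: evaluate(d, policy, today) for d in devices}

# Constructed sample: a compliant device, a stale Ivanti device, and a third-party engine.
SAMPLE_POLICY = AvPolicy({"Ivanti Antivirus": "2024.05.30", "ExampleAV": "9.1"}, max_scan_age_days=7)
SAMPLE_DEVICES = [
    AvStatus("pc1", "Ivanti Antivirus", True, True, "2024.05.30", date(2024, 5, 29)),
    AvStatus("pc2", "Ivanti Antivirus", True, False, "2024.05.01", date(2024, 5, 10)),
    AvStatus("pc3", "ExampleAV", True, True, "9.1", None),
]

def sample_report() -> Dict[str, Tuple[List[str], str]]:
    return compliance_report(SAMPLE_DEVICES, SAMPLE_POLICY, date(2024, 6, 1))
```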

Blocked applications

Scans by: Using application definitions published by Ivanti (or user-defined application definitions) to immediately deny end-user access to the application by editing the local registry. Patch and Compliance uses the Ivanti Software license monitoring tool's softmon.exe program to deny access to specified application executables, even if the executable file name has been modified, by reading the file header information.

Remediates by: Blocking the application when it tries to run, even if the program's executable file name has been changed, by reading the file header information. Remediation in this case is not a separate procedure: application blocking is done during the security scan process, and the security scan immediately denies end-user access to the application by editing the registry. (See the Legal disclaimer for the blocked applications type.)
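To show why identification by file header rather than file name survives a rename, here is an added example (not softmon.exe or any Ivanti code) that fingerprints a constructed minimal PE stub by its COFF header and checks files against a made-up block list; the file names and timestamps are assumptions:

```python
import hashlib
import struct
from typing import Dict, Optional, Set

PE_SIGNATURE = b"PE\0\0"

def coff_header_fingerprint(data: bytes) -> Optional[str]:
    """Fingerprint an executable by its PE/COFF header, never by its file name.

    Returns None for anything that is not a PE image. Constructed illustration of
    header-based identification; it does not reproduce softmon.exe internals.
    """
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)        # offset of the PE header
    if e_lfanew + 24 > len(data) or data[e_lfanew:e_lfanew + 4] != PE_SIGNATURE:
        return None
    # COFF file header (20 bytes after the signature): Machine, NumberOfSections,
    # TimeDateStamp, PointerToSymbolTable, NumberOfSymbols, SizeOfOptionalHeader, Characteristics
    machine, nsections, timestamp, _, _, opt_size, _ = struct.unpack_from(
        "<HHIIIHH", data, e_lfanew + 4)
    header_end = e_lfanew + 24 + opt_size                       # include the optional header
    digest = hashlib.sha256(data[e_lfanew:header_end]).hexdigest()[:16]
    return f"{machine:04x}:{timestamp:08x}:{nsections}:{digest}"

def build_sample_pe(timestamp: int) -> bytes:
    """Construct a minimal MZ/PE stub for the demo (headers only, not a runnable program)."""
    dos = bytearray(b"MZ" + b"\0" * 0x3E)
    struct.pack_into("<I", dos, 0x3C, 0x40)                    # e_lfanew -> PE header at 0x40
    coff = struct.pack("<HHIIIHH", 0x8664, 3, timestamp, 0, 0, 16, 0x0022)
    optional = b"\x0b\x02" + b"\0" * 14                         # PE32+ magic plus padding
    return bytes(dos) + PE_SIGNATURE + coff + optional

def evaluate_block_list(files: Dict[str, bytes], blocked: Set[str]) -> Dict[str, bool]:
    """True for every file whose header fingerprint is on the block list, whatever its name."""
    return {name: coff_header_fingerprint(blob) in blocked for name, blob in files.items()}

# Constructed sample: the blocked binary under its own name, a renamed copy of the same
# bytes, an unrelated binary with a different header, and a file that is not a PE at all.
BLOCKED_BINARY = build_sample_pe(0x5F000000)
SAMPLE_FILES = {
    "game.exe": BLOCKED_BINARY,
    "notepad.exe": BLOCKED_BINARY,            # same bytes, file name changed
    "tool.exe": build_sample_pe(0x60000000),
    "readme.txt": b"plain text, not an executable",
}
BLOCK_LIST = {coff_header_fingerprint(BLOCKED_BINARY)}

def sample_result() -> Dict[str, bool]:
    return evaluate_block_list(SAMPLE_FILES, BLOCK_LIST)
```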

For information about how to get started downloading patch definitions and scanning for vulnerabilities, see Getting started with Patch and Compliance.