Patch Management Info Monitoring and Patch Deployment

Configuration and Migration Options for Deprecated Custom: Patch Assessment Rules

With Release 8.1/5.1, the OPSWAT patch solution provides support for patch information monitoring and deployment. Host Checker downloads the OPSWAT SDK and uses it to detect the installed patch management software and the patch status (the list of missing patches as reported by the patch management software). To enable the patch management software to evaluate the patch status of the client machine, the administrator must configure a patch management policy to use for evaluating the patch status of endpoints.

Custom patch assessment rules are not supported beginning in Release 8.1/5.1. The existing patch management rules will be converted to dummy rules during the migration. You can delete the existing rules or convert them to predefined: patch management rules.

To delete the custom patch assessment rules.

1.Select Authentication > Endpoint Security > Host Checker.

2.Select the check box to back up the configuration and the XML file that contains Host Checker, realms, and role details.

Figure below shows the configuration page for Host Checker.

3.Under Delete deprecated Custom: Patch Assessment rules, select Delete.

The Result:

Displays a confirmation page with the list of deprecated Custom:Patch Assessment rules and the policies in which they are configured. It also lists the Rule Expression for the respective policies which will be changed and the list of policies that becomes empty because of deletion of above rules. You need to click on Confirm if you want to continue deletion of deprecated rules, otherwise click on Cancel.

To convert the existing Shavlik rules to Opswat rules:

1.Select Authentication > Endpoint Security > Host Checker.

2.Select the check box to back up the configuration and the XML file that contains Host Checker, realms, and role details. Figure shows the configuration page for Host Checker.

3.Select the patch management software that you will use to convert custom patch assessment rules to predefined patch management rules and then click on convert.

Convert button appears only after selecting the Patch management Software. If you select convert you can see the confirmation page which lists the deprecated Custom:Patch Assessment rules and the policies in which they are configured. It also lists the Rule Expression for the respective policies which will be changed. Click Confirm to continue replacement of deprecated Custom:Patch Assessment rules with Predefined: Patch Management rules, otherwise click Cancel.

Using a System Management Server

You can use a System Management Server (SMS) to provide a method for automatic updates to non-compliant software. From Release 8.1/5.1, only SMS/SCCM patch remediation is supported. You can enable SMS/SCCM patch remediation in the Predefined patch management policy page. The client machine must have the SCCM client installed and must be communicating to the SCCM server.