Security patch automatic approval rule item attributes
Click here to see this page in full context

 

Security patch automatic approval rule item attributes

Main: General

Attribute name

Description

Name

Enter a name for the automatic security patch approval rule item here.

Status

This field defines and displays the status of the automatic security patch approval rule item.

  • Disabled: The rule is inactive and has no effect on anything.

  • Active: The rule is fully operational and it is automatically processed every night.

Download when approved

This field defines whether patch installation packages are automatically downloaded to the media master installation point for those security patches which match to the filters defined in "Filters" section. The downloading of patch installation packages speeds up the patch deployment and installation process, and the downloading takes place after the security patches have been approved.

Description

Enter a free description of the automatic security patch approval rule item here.

  

Main: Targets

Attribute name

Description

Asset groups

Asset groups selection defines which devices that are affected by the approval rule. All devices that belong to the selected asset groups are within the scope of the patch approval rule.

You can choose multiple asset groups in the popup by holding the Ctrl-key.

Name

This columns displays the name of the asset group.

For more information about asset groups, please read About asset groups.

Action

With the "Action" menu, you can choose whether the installation of security patches, defined in "Filters" section, is allowed or denied for the particular asset group on that row. "Install" means that the installation of the security patch(es) is allowed for the assets which are members of the asset group, whereas "deny" means that the installation of the security patch(es) is forbidden to the asset configuration items in that asset group.

Installation delay

With this  field you can define a delay for the patch installation. There are three options available: none, In days or Custom schedule. This is useful if you, for example, want to get the security patches installed to a pilot group first before installing the patches to a larger group of computers.

Main: Filters

Attribute name

Description

Severities

With this field, you can filter patches by their severity. For example, if you want to create a rule which automatically approves Critical patches, choose Critical here.

Notice that you may select multiple choices by holding the CTRL-key.
Patch types

With this field, administrators can make the approval rule to apply for certain type of patches. Typical use case is to create separate rules, for example, for processing the security patches and non-security patches.

Notice that you may select multiple choices by holding the CTRL-key. This allows you to exclude, for example, the OS upgrades from the rule.
Product versions

With this field, you can filter patches by product version(s). For example, if you want to create a rule which automatically approves patches for specific versions of some certain products, like PowerPoint 2016 and Word 2016.

Notice that you may select multiple choices by holding the CTRL-key.
Product families

With this field, you can filter patches by their product family.

Notice that you may select multiple choices by holding the CTRL-key.

Vendors

With this field you can filter security patches by vendor(s). For example, if you want to create a rule which automatically approves security patches for Microsoft products, choose Microsoft Corporation here. Notice that you may select multiple choices by holding the CTRL-key.

Patch title

With this field, you can filter security patches by their title.

Usually, the title filter is handy if you want to target very specific patches or narrow down the group of patches that match to the other filters.

You can narrow down the group of included patches by adding Not contains rules which exclude patches with the defined text in their name.

On the other hand, if you want to include only very specific patches, it may be easier to put a Contains rule or rules first and then narrow down the patches with exclude rules.

Remember that you can also use the wildcard character % to define the rules. 

When defining the patch filters, it is recommended to take a look at the below shown effective filter to interpret the rule. You can also test your filters by choosing "Tasks > Show matching patches" from the item toolbar, which shows you what patches would be included in your rule.

Effective filter

This field only displays your current security patch filter.

Main: Additional information

Attribute name

Description

Attachments

You may attach files into this field. About attaching files. This field is optional.

Comments

You may add comments related to this item here. This field is optional.
 

Copyright © 2022 Miradore Ltd. All rights reserved. Miradore is a registered trademark of Miradore Ltd. All other trademarks or registered trademarks are property of their respective owners.