Approving patches manually
Click here to see this page in full context

 

Approving patches manually

Miradore doesn't install any unapproved patches to managed computers. Instead, Miradore lists all applicable patches in the Security patch status by patch view. In the view, Miradore administrators and security officers can approve the installation of selected patches to managed devices. After the approval, Miradore performs the patch installation(s) independently.

The manual process of approving patches is described on this page. You may also create rules for approving and downloading upcoming patches automatically. This might be useful if you are using a software that frequently gets new patches, or which is otherwise important to keep as quickly patched as possible. For more information, please read How to use automatic security patch approval rules.

Notice! Before applying any patches to managed computers, remember to check your organization's change management policy. It is also recommended to use a pilot asset group for testing patches before applying them to larger groups of assets.

How to handle patch approvals for asset groups manually

  1. Navigate to "Operations > Security management > Security patch status > By patch" view.

  2. Use the view columns to analyze the installation status of patches. Some important columns are explained below.

    • Asset groups (approved for): Deployment of the patch has been approved for devices belonging to the asset group(s) listed in this column.

    • Patch type: Use filters "Security patch", "Non-security patch", "Security tool" or "OS Upgrade" to find the type of patches that you are interested in.

    • Severity: This column tells how important the patch has been rated. Possible values: Critical, Important, Moderate, Low, None.

    • Status: Installed: Number of devices having the patch successfully installed. On the Asset's Security inventory, you can see if the patch was installed by Miradore.

    • Status: Installed by superseding: Number of devices that have a newer (superseding) patch installed.

    • Status: Not installed: Number of devices which don't have the patch installed.

    • Total assets: Number of devices for which the patch is applicable.

    • Explore also the view filters if it is difficult to find the interesting patches in the view. You can use, for example, the "Patch product version" filter to detect patches for very specific software product versions.

  3. Use the tools under the view's tasks menu to approve the installation of selected patches.

  1. Next, you are asked to select an asset group as a target for the patch installation rule, and you will also need to define the installation action (Deny installation / Install) for the asset group. You can also remove earlier rules by selecting "Not approved".

    • In order to speed up the patch deployment, you can request Miradore patch manager to download the patch installation package to media master installation point immediately after the approval by checking the "Download patch now" check box. If you leave this unchecked, the patch downloading will be done according to the settings defined in system settings for patch management.

    • You can also use the "Activate at" field to define a specific calendar day when the security patch approval becomes effective. If you choose a date there, then the approval doesn't come into effect before that.

    • Asset groups are groups of computers that can be managed though the Asset groups view. With the help of asset groups, you can target patches to custom computer groups. For more information, see About asset groups.

 

  1. You can see the approval status of each security patch from the "Approval status" section on the Patch item. From the Patch item's Event log, you can even see who updated the approval rule.

Related process

Patch management

See also

How to use automatic security patch approval rules

About asset groups

 

Copyright © 2022 Miradore Ltd. All rights reserved. Miradore is a registered trademark of Miradore Ltd. All other trademarks or registered trademarks are property of their respective owners.