Setting the Patch Management module parameters
The Patch Management (PatchManagementPremium) module is completely automated to make patching painless: it scans, remediates and reports on your whole network autonomically to keep security patches on a large number of applications of different manufacturers up to date. This module is loaded by default only on the master if it is a Windows device.
Parameter | Default Value | Description |
|---|---|---|
Scan machine on startup | No | Defines if the device is scanned for the current patch situation at agent startup. |
Differential Upload | Yes | Specifies if the inventory is to be completely replaced which each upload when differences are detected or only the delta, that is, the modifications of the inventory. If the inventory template is changed the next inventory will always be a complete inventory, even if this option is activated. |
Synchronize at Startup | Yes | Patch synchronization allows a device to send its current list of patch groups it is assigned to as well as their checksum. The master compares the checksum and if it is different to its own it sends the master list of patch groups to the device. |
Additional Automatic Synchronization Hour | 23 | Enter here the hour at which an additional synchronization is to be effected, that is, the comparison of locally available operational rules with the operational rules master list. The format is 24-hour format, for example, 23 for 11 pm . |
Minimum Gap between Two Automatic Synchronizations (sec) | 43200 | Defines the minimum interval in seconds at which the rule synchronizations are to be done. This means that if a default synchronization is executed at 23:00 at night and the client is started at 6 am with agent startup synchronization defined, no synchronization is executed until at least 11 am even if the agent is started/restarted before, as the interval is fixed for 12 hours minimum. |
Enable Internet Check for Knowledge Base Update | Yes | Check this box to activate the verification for new versions of the Knowledge Base via the Internet. This value is only applicable to the Patch Manager, for all other devices this value should be deactivated. |
Internet Check Schedule for Knowledge Base Update | Every Day , at , 23:00 | Click the Edit icon to the right of the field to define or modify the schedule for the Knowledge Base update via Internet. Select the desired values from the options in the appearing window. |
Automatic Knowledge Base Update after Check | Yes | Check this box to automatically update the configuration files with the newly found version of the files. If activated this option only downloads the file if the file is of a newer version than the version currently available on the Patch Manager, or if the Force Parse parameter is activated. It then directly updates the local file. |
Upload New Inventory if New Version is Detected | No | If a new version of the Knowledge Base is detected on the Patch Manager, it automatically launches a new patch inventory scan via the respective operational rule and uploads the results. |
Patch Process Interval (sec) | 60 | Manages the patch module thread execution, defining the interval in seconds at which requests on the database are executed. |
Archiving of Downloaded Patches after Publication | Defines if the patches are stored in the download directory of the Patch Manager after the patch custom package was created and successfully published to the Master. If the option Move is selected, you need to fill in the following field Path for Local Patch Repository which defines the path to the local storage location. | |
Path for Local Patch Repository | Defines the local path which the patch module checks if the patch to be downloaded is already available locally there before actually downloading it from the Internet. | |
Download Retry Count | 1 | Specifies the number of retries for a patch download. |
Download Retry Interval (sec) | 300 | Defines the interval in seconds between each retry for the patch download. |
Block Patch Installation | No | Check this box to prepare the patch installation on all targets of the group for execution, without launching the installation itself. |
Maximum number of concurrent downloads | 3 | Defines the number of patches that can be downloaded simultaneously. |
| Download Patch From Internet | To download a patch, choose one of the following options:
You cannot download patches from vendors directly from the Internet; by default, they are downloaded using a relay. You can exclude patches acquired from vendor in the patch groups and patch jobs configuration. | |
| Report Replaced Patches | No | Check this box to display all patches in the Patch Inventory, including the superseded ones. You can use this option to patch up to a particular version, not just up to the most recent. This option can be used with patch groups but note that with patch jobs, the whole series of patches is installed from the first missing patch to the last. Using this option requires a larger database (inventories can increase by up to four times), and that can cause performance issues. |
| Proxy Mode | Select one of the following options to configure proxy settings:
To prevent behavior change, the default value for upgrades is proxy_force. |
Comments
Log in or register to comment.