Patch Management
Patch management helps ensure that systems and applications are secure against known vulnerabilities and exploits. The Patch Management section lists all available patches that remedy the detected vulnerabilities and makes the remediation process easier through automated software updates. With patching options, you can promptly ensure that your endpoints are updated with the latest security patches.
Prerequisites
To view and enable ESET Vulnerability & Patch Management, ensure you have one of the following tiers:
•ESET PROTECT Elite
•ESET PROTECT Complete
You can enable ESET Vulnerability & Patch Management only on Windows computers running:
•ESET Management Agent version 10.1+
•ESET Endpoint Security for Windows version 10.1+
•ESET Endpoint Antivirus for Windows version 10.1+
ESET Vulnerability & Patch Management is not supported on ARM processors.
ESET Bridge users
ESET Bridge blocks the Patch Management network traffic by default. ESET Bridge does not affect the reporting of vulnerabilities. To enable the Patch Management network traffic, disable the Access Control List (ACL) rules in the ESET Bridge configuration file:
1. Open the ESET Bridge configuration restrict.conf.template file in a text editor:
   o Windows: C:\ProgramData\ESET\Bridge\Proxies\Nginx\Conf\restrict.conf.template
   o Linux: /var/opt/eset/bridge/nginx/conf/restrict.conf.template
2. Change set $valid_host 0; to set $valid_host 1;.
3. Save the restrict.conf.template file.
4. Restart the ESET Bridge service.
Disabling ACL rules allows the routing of all network traffic via ESET Bridge (ESET Bridge becomes an open proxy).
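The ESET Bridge procedure above, for the Linux path, as shell functions that report whether the ACL is still enforced and apply step 2 with a backup and a verification. This is an added example, not ESET tooling; the function names and the sample file contents are assumptions, and only the file path and the `set $valid_host` lines come from this page.

```shell
#!/bin/sh
# Added example; function names and sample contents are assumptions.
# Only the file path and the `set $valid_host 0;` / `1;` lines come from the page.

# ERE for an uncommented line whose directive is `set $valid_host <N>;`
_vh_re() { printf '^[[:space:]]*set[[:space:]]+\\$valid_host[[:space:]]+%s[[:space:]]*;' "$1"; }

# Report the ACL state of a restrict.conf.template file:
#   enforced = a `set $valid_host 0;` line is still active (default)
#   disabled = only `set $valid_host 1;` is active (Bridge is an open proxy)
#   unknown  = neither line found; inspect the file by hand
bridge_acl_state() {
    if grep -Eq "$(_vh_re 0)" "$1"; then echo enforced
    elif grep -Eq "$(_vh_re 1)" "$1"; then echo disabled
    else echo unknown
    fi
}

# Step 2 of the procedure: keep a backup, change 0 to 1, verify the result.
# Returns 0 if the ACL ends up disabled (also when it already was).
bridge_acl_disable() {
    f=$1
    case "$(bridge_acl_state "$f")" in
        disabled) return 0 ;;
        unknown)  echo "valid_host directive not found in $f" >&2; return 1 ;;
    esac
    cp -p "$f" "$f.bak" || return 1
    sed -E 's/^([[:space:]]*set[[:space:]]+\$valid_host[[:space:]]+)0([[:space:]]*;)/\11\2/' \
        "$f.bak" > "$f" || return 1
    [ "$(bridge_acl_state "$f")" = disabled ]
}

# Demo on a constructed sample, not the real file's contents.
demo=$(mktemp)
printf '%s\n' '# set $valid_host 1;' 'set $valid_host 0;' > "$demo"
echo "before: $(bridge_acl_state "$demo")"
bridge_acl_disable "$demo" && echo "after:  $(bridge_acl_state "$demo")"
rm -f "$demo" "$demo.bak"
# Step 4 (restart the ESET Bridge service) is still required on a real host.
```

Running `bridge_acl_state` against `/var/opt/eset/bridge/nginx/conf/restrict.conf.template` on a schedule gives a simple inventory of which Bridge hosts are operating as open proxies.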
Patch Management is enabled during Vulnerabilities & Patch Management activation.
View Patch Management
You can view Patch Management from several places:
•Click Patch Management in the main menu to open the Patch Management section and view a list of patches
•Click Computers > select Details > in the Vulnerability & Patch Management tile, click Show patches to open the Patch Management section
Grouping the view
To group patches, select from the drop-down menu:
•Ungrouped—default view
•Group by Application name—when grouped, click an application row and click Show Devices to display devices (computers) where a patch will be applied
Filtering the view
To add filtering criteria, click Add Filter and select item(s) from the list. Type the search string(s) or select the items from the drop-down menu in the filter field(s) and press Enter. Active filters are highlighted in blue.
•Application name—the name of the application with the vulnerability
•Application version—the version of the application causing the vulnerability
•Patch version—the patch version
•Severity—severity level, including informational, warning, or critical
•Computer name—the name of the affected computer
•Application vendor—the name of the application vendor
Side panel with details
Click an application name to view application details in a side panel. Application preview manipulation:
•Next—displays the next application details in the side panel
•Previous—displays the previous application details in the side panel
•Manage content for Patch Details—manages how the side panel sections are displayed and in what order
•Close—closes the side panel
Deploy patches
You can patch only selected apps.
We recommend that you enable the auto-patch management via a policy.
When automated patching is configured, the solution will automatically patch applications during maintenance windows.
Some applications require a computer restart and can restart computers automatically after an upgrade.
Some applications (for example, TeamViewer) can be licensed to a specific version. Review your applications. To avoid an unnecessary upgrade, set Auto-patch strategy > Patch all except excluded applications while creating a policy.
Alternatively, you can deploy patches via:
•Select the applications where you want to deploy patches > click the Actions button and click Upgrade.
•To patch an application on all affected devices, apply the Group by Application name view, select the application name row, click and click Upgrade.
After you deploy patches with the Upgrade button, a new client task Apply application patch will be created automatically in Tasks. The patches will be applied based on the Vulnerability & Patch Management scheduler set in Policies.