
    Configuring a Patch Assessment Custom Rule (NSM Procedure)

    For Windows clients, you can use the system management server (SMS) remediation feature to provide automatic updates to noncompliant software. By using a patch assessment custom rule, you can force the client to initiate the software update immediately after the patch assessment check.

    To configure a patch assessment custom rule:

    1. In the NSM navigation tree, select Device Manager > Devices.
    2. Click the Device Tree tab, and then double-click the Infranet Controller for which you want to configure a patch assessment custom rule.
    3. Click the Configuration tab. In the configuration tree, select Authentication > Endpoint Security > Host Checker.
    4. Under Policies, select an existing policy or click the Add button to create a policy.
    5. Under Platforms, select Windows.
    6. Select the Settings tab, and then select Patch Assessment Rules.
    7. Click Add. The New Custom: Patch Assessment page appears.
    8. Enter a name for the integrity measurement rule.
    9. Select either Scan for specific products or Scan for specific patches.
    10. Select either Scan for specific products > All products or Scan for specific products > Specific products. The Host Checker checks for all of the exposed patches on the endpoint.
      1. If you select All Products, then the Host Checker scans for all of the exposed patches on the endpoint.
        • Click the Ignore these patches button to select specific patches that you wish to ignore for all products. Then click the Add button.
        • Click the OK button to save information on specific patches that you wish to ignore.
        • For Microsoft products, clear the check boxes for the severity levels of the patches that you wish to ignore. For example, to check for only critical patches for the selections, clear the check boxes for Severity Important, Severity Moderate, Severity Low, and Severity Unspecified.
      2. If you select Specific Products, then the Host Checker scans for specific product versions and ignores specific patches of those products.
        • Select software products from the Non-members area and add them to the Members area.
        • Click the Ignore these products button to ignore specific patches pertaining to products.
        • From the Non-members area, select the patches you wish to ignore, and click the Add button to move them to the Members area.
        • Click the OK button to save information on specific patches that you wish to ignore.
    11. Select Scan for specific patches to scan for specific patches from the list of available patches.
      • Select patches from the Non-members area and click Add to move the patches to the Members area.
    12. Select Enable SMS patch update to direct the Infranet Controller to notify the SMS server to update the client in the event of a failed patch assessment rule. SMS remediation is triggered each time Host Checker detects that an endpoint is not compliant.
    13. Click the OK button to save the changes.
    14. Click the Remediation tab on the main Host Checker Policy page, and then select the Send reason strings option to display remediation information to users.

    Published: 2012-11-28