Channel: Ivanti User Community : All Content - Patch Manager

How to repair vulnerabilities using a pre-cache task (install from local cached file or peers instead of from the source)


Question

 

How can I push a large patch out to my different locations and force the clients at those locations to use a locally cached copy and not download the file from the core?

 

Answer

 

You can use the staging task, which is part of a repair task, to first push the patch to a specific number of computers. Then push the repair task to all of the computers with the "Download patch only from local peers" option selected.

 

The following assumes that a full vulnerability scan has been run on the clients you wish to stage the patches to.

 

      1. Open the Ivanti Endpoint Manager Console
      2. Go to Tools | Security and Compliance | Patch and Compliance
      3. Change the selected types in the top left to "All Types" if you wish to view all detected vulnerabilities in any category, or select another type if you are only staging and repairing for a particular vulnerability type.
      4. Click on the Detected folder.
      5. Ctrl-Click or Shift-Click the desired definitions
      6. Right-click on the definitions you wish to deploy the patches for.
      7. Select Download associated patches.
      8. Make sure that you have the patch(es) downloaded.
      9. Close the window
      10. Select and right-click on the vulnerability definition(s) you wish to repair.
      11. Select Repair.
      12. Select Task Settings in the left-hand pane.
      13. Select the "Pre-cache (download for a future task or portal initiated action)" radio button.
      14. Select Repair Settings in the left-hand pane and then tick the box next to Override Preferred Server / Peer Download options
        • If you wish to allow the computer to download from its local cache or peers, only check the "Attempt Peer Download" option (Recommended)
        • If you wish to allow download from cache, local peers, and/or preferred server, select both "Attempt Peer Download" and "Attempt Preferred Server"

Note: By default, a patch that is pre-cached by the method above stays in the SDMCache on the local machine for only 7 days. If you would like the patch(es) to remain in the SDMCache folder for longer, change the retention period as described under "Change Client Cache (SDMCACHE) Retention Period" below.

Clients can install files from their own cache, and that cache is also used for peer download to supply the patches to other computers on the same subnet, saving bandwidth and traffic back to the preferred server and/or source.

Change Client Cache (SDMCACHE) Retention Period

 

  1. Open the "Agent Settings" tool under the "Configuration" tool group.
  2. Select "Client connectivity" under the groups of settings.
  3. Double-click an existing setting to edit it, or right-click and select "New" to create a new setting.
  4. Click the "Download" section in the left-hand pane.
  5. Set the "Number of days to stay in the client Cache" option to the desired amount.
  6. Click OK

 

Note: Ensure that the computers added to the pre-cache task are vulnerable for the patches included in the task; otherwise, the pre-cache process will not work correctly.

