For security reasons, some customers may need to exclude some managed devices from the patch management feature in Ivanti EPM.
For instance, this could be required for some critical computers where the patches need to be applied manually.
Here is a tutorial on how to achieve this result:
Step 1
In the Ivanti EPM console, Select "Agent settings" and then "Distribution and Patch"
Step 2
Create a new "Distribution and Patch Settings" set.
Step 3
In the "Scan options" tab, make sure that the "enable autofix" option is not checked.
Additionally, if you have some patch groups configured, make sure that "Immediately install (repair) all applicable items" is not checked.
Otherwise, this option will override the "never autofix" agent setting if checked.
Save the settings.
Step 4
Create a new agent configuration
Select the "Standard Ivanti agent" tab and make sure that the "never autofix option" is enabled.
In the "Distribution and Patch" tab, select the settings that you created in stage 3.
Save the settings.
Step 5
The last step will be to deploy the new agent configuration to all the managed devices that are supposed to be excluded from the patch management.