Note: This feature is enabled by default in EPM 2017.1 and newer and cannot be disabled in these versions.
This article describes the content verification feature within Ivanti Patch and Compliance Manager
Content verification can be enabled to cause the Ivanti EPM Core server to add in a hash checking feature when downloading content from the Ivanti EPM Patch Content servers.
The content verification feature applies to the content only, it does not apply to individual patch files themselves. The patch file hash information is contained within the definition information and is verified as part of the patch installation process.
Content verification is only available for the following content types:
- Microsoft Windows Vulnerabilities
- Microsoft Windows Security Threats
- LANDesk Updates
Note: When content verification is enabled, but content types other than the types mentioned above are downloaded (Apple Macintosh definitions, for example), errors may be thrown.
Example of errors for content types that do not support Content Verification:
Even though an error is thrown, the content is still downloaded correctly.
Content verification can be enabled within the Download Updates tool under the Content Tab:
This feature was updated in Ivanti EPM 2017.3. The verification option is now greyed out as this feature is baked into the Patch Download Tool and enabled by default.
Verify definition signatures/hashes before downloading
NOTE: When checked, any definitions that do not have a valid SHA256 hash will not be downloaded. Also, any lists of definitions that do not have a valid signature will not be processed. The download progress form will show any download failures due to invalid/missing signatures or hashes.