Comodo One. The Ins and Outs of Patch Management using Comodo ITSM

December 7, 2016 | By Comodo

How to check patch status and deploy selected patches to devices

Step 1: Open ITSM and click ‘Devices’ > ‘Device List’. Click on your target device and open the ‘Patch Management’ tab. This will list all patches available for the device. The column on the far right tells you whether the patch is installed, or available for installation. The importance of the patch is shown in the ‘Severity’ column’

Step 2: Optional. Click the funnel icon on the right to filter patches based on name, install status, severity and other criteria.

Comodo One

 

Step 3: Select the patches you want to deploy to the device using the checkboxes on the left. Click the ‘Install Patch’ button to deploy:

Install Patch

Step 4: The selected patches will be added to the install queue and will be applied immediately after the next successful communication with the device.

Patch Management

How to deploy patches from the ‘Patch Management’ interface

The Applications > Patch Management interface allows you to install missing patches to all managed devices.

Step 1: Open ITSM and click ‘Applications’ > ‘Patch Management’. The interface lists all available patches for managed endpoints. The ‘Installed’ and ‘Not Installed’ columns show how many devices have the patch installed versus not installed. Click the numbers in these columns to view the target devices.

Step 2: Optional. Click the funnel icon on the right to filter patches based on name, install status, severity and other criteria.

Patch Management Interface

Step 3: Select the patches you want to deploy using the checkboxes on the left. Click the ‘Install Patch’ button to deploy:

Install Patch - Interface

Step 4: The selected patches will be added to the install queue and will be applied immediately after the next successful communication with the device(s).

Patch Management list


How to add a patching schedule to a profile

Adding a patch procedure to a configuration profile allows you to automatically patch devices according to a schedule of your choice. Note – this tutorial shows you how to schedule a Comodo ‘pre-defined’ patch procedure. You can also create your own procedures by clicking ‘Configuration Templates’ > ‘Procedures’.

Step 1: Open ITSM and click ‘Configuration Templates’ > ‘Profiles’. Select the profile to which you want to add the patch procedure.

Step 2: Click the ‘Add Profile Section’ button on the top and select ‘Procedures’. If you have already added the ‘Procedures’ component then just click on it and proceed to step 3.

patch management profile

Step 3: Open the ‘Procedures’ tab and click ‘Add’:

Procedures

 

Step 4: Start typing the name of a patch procedure in the search box. Comodo ITSM has the following, pre-defined, patch procedures to choose from:

Critical Patch Updates

Security Patch Updates

Patch Maintenance

Best practice – we advise you schedule ‘Critical Patch Updates’ and ‘Security Patch Updates’ to run daily, and ‘Patch Maintenance’ to run weekly.

Note. You can also create custom patch procedures. Click here for help with this.

Step 5: After choosing your procedure, select the start date and frequency and start time:

Existing Procedure

Step 6: Click ‘Add’ to add procedure to the profile. Click ‘Save’ (on the right) to save the profile.

The patch procedure will automatically run on the devices to which the profile is applied.


How to manually run a patch procedure on devices

Patch procedures can be run directly on selected devices from the ‘Procedures’ interface.

Step 1: Open ITSM and click ‘Configuration Templates’ > ‘Procedures’

Step 2: Expand the ‘Predefined Procedure’ folder on the left and select ‘Patch Deployment’:

procedure

Step 3: Choose which patch procedure you wish to run from the following pre-defined procedures to choose from:

Critical Patch Updates
Security Patch Updates
Patch Maintenance

Best practice – we advise you run ‘Critical Patch Updates’ and ‘Security Patch Updates’ on daily basis, and ‘Patch Maintenance’ on a weekly basis. You may also want to consider scheduling patch updates if you haven’t done so already.

Step 4: Click the ‘Run’ button then select your target devices:

Procedure Run

You can choose ‘All Devices’, or start typing in the ‘Selected Device(s)’ field to choose specific devices or device groups:

Run Procedure

Step 5: Click ‘Run’ to immediately deploy the patch procedure to selected devices.

How to create a custom patch procedure

ITSM ships with a set of predefined patch procedures which cover most use cases. However, you can also create your own procedures to specify exactly which types of patches are deployed.

Step 1: Open ITSM and click ‘Configuration Templates’ > ‘Procedures’

Step 2: Click the ‘Create’ button then ‘Create Patch Procedure’:

Step 3: Type a name and description for your procedure then choose the folder in which to save it. In this example, we will use the custom folder ‘My Procedures’. Click ‘Create’ to save your procedure.

Step 4: You will be automatically taken to the procedure configuration screen. The configuration screen has three tabs – General, Execution Options and Execution log:
install critical procedures

General – Allows you modify the name, description and folder of the procedure, and to set which alert is displayed should the procedure fail.

Execution Options – Lets you fine tune which types of patches are covered by the procedure. For security updates, you can also choose which severity of patches to install.

Execution Logs – Shows a list of all logs of patch deployment. These are useful to check whether the patch ran correctly or not.

Once these steps have been completed and you approve the new procedure, you can run it on all or selected devices by clicking the ‘Run’ button:

Run Procedure

  • Once approved, your new procedure will be listed in ‘Configuration Templates’ > ‘Procedures’ > ‘My Procedures’ folder. You can run it on devices from this interface at any time. Click here for more help with this.
  • You can also add your new procedure to a profile for regular, scheduled deployments. Click here for more help with this.

How to check complete details about the specific patch?

Step 1: Go to ITSM > APPLICATIONS > Patch Management and click over any patch from the table

patch_man1a

Check the General Information of the patch application.

1. File Name – Name of the file
2. Version – Version number of the file
3. Vendor Severity – It is status of Severity of the Vendor

  • Important – Important patch, you may update or not
  • Critical – patch, you should update for the security of your system
  • Recommended – patch, you are recommended for update
  • Normal – you may update or not

4. Release Date – Date of the patch released

  • KB – Microsoft Knowledge Base is a repository of articles made available to the public by Microsoft Corporation. It contains information on many problems encountered by users of Microsoft products. Each article bears an ID number and articles are often referred to by their Knowledge Base (KB) ID.
  • Description – Purpose of the package is given here

Step 2: Click ‘Vendor’ tab and check out the Vendor Information.

1. Vendor name – Name of the vendor
2. Vendor severity – It is status of Severity of the Vendor

  • Important – Important patch, you may update or not
  • Critical – patch, you should update for the security of your system
  • Recommended – patch, you are recommended for update
  • Normal – you may update or not

3. Support URL – URL of the vendor to support the package queries

Step 3: Click the ‘Security Patch Info’ tab and check out the information

1. Supercedes – The respective security bulletins will list the superseded patches, and you have to check for Security Update Replacement in the bulletin.
2. Bulletin – a brief public notice issuing for the patch release usually from an authoritative source
3. Supercedes bulletin ID – ID of the security bulletins and knowledge-base articles superseded by the patch
4. Release date – Date of the release of the Suprecedes

Step 4: Click the ‘Bulletin’ tab and check out the information.

1. ID – Unique number to identify Bulletin of the patch
2. Description – Purpose of the patch release

Step 5: Click the ‘CVE IDs’ to check out the information

1. CVE – Common Vulnerabilities and Exposures (CVE) is a catalog of known security threats.

Be Sociable, Share!

    Add new comment

    Your name
    Comment

    You may use these HTML tags and attributes: <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>