7.2 Interpret Page Content

The items in this section explain how to interpret what you see on the Patches page, to include:

Patch Name
Total Patches Available
Patch Impact
Patch Statistics
Patch Release Date

7.2.1 Patch Name

The Patch Name is the name that identifies a patch. This name typically includes the vendor or manufacturer of the patch, the specific application, and version information.

An example of a patch name is shown as follows. It indicates that Adobe is the vendor, Adobe Flash Player is the application, and 21.0.0.242 is the version information:

Microsoft Patches:

All Microsoft security patches are titled with their Microsoft Security Bulletin number in the format MS0x-yyy, where 0x indicates the year the patch was released and yyy indicates the sequential number of the released patch. These patches are critical and must be installed as soon as possible.
Names of all Microsoft non-security patches include the Knowledge Base (KB) article number. These patches can be installed at your discretion.
The names of Microsoft service packs and third-party patches do not usually contain a KB number and never a Microsoft Security Bulletin number. Test these service packs thoroughly to ensure that they have the expected results.

For more information on the naming conventions for patches, refer to Comprehensive Patches and Exposures (CVE), which is a list of standardized names for patches and other information exposures. Another useful resource is the National Patch Database, which is the U.S. government repository of standards-based patch management data.

7.2.2 Total Patches Available

The total number of patches that are available for deployment is displayed in the bottom-left corner of the Patches panel. In the following figure, the total number of available patches is 106:

7.2.3 Patch Impact

The Impact is the type of patch defined on the basis of the severity of the patch; the type can be Critical, Recommended, Informational, or Software Installers. Each impact is described as follows:

Critical: ZENworks has determined that this type of patch is critical, and should be installed as soon as possible. Most of the recent security updates fall in this category.
Recommended: ZENworks has determined that this patch, although not critical or security related, is useful and should be applied to maintain the health of your computers. You should install patches that fall into this category.
Informational: This type of patch detects a condition that ZENworks has determined is informational. Informational patches are used for information only. There is no actual patch to be installed.
Software Installers: These types of patches are software applications. Typically, this includes software installers. The patches show Not Patched if the application has not been installed on a machine.

Patch Management impact terminology for its patch subscription service closely follows the vendor impact terminology for patch criticality. Each operating system has a vendor-specific impact rating and that impact is mapped to a ZENworks rating as described in this section. Patch Management, following the recommendations of Lumension Security, increases or steps up the severity of the impact rating. For example, Microsoft classifications for Critical, Important, and Moderate patches are all classified as Critical by ZENworks.

The following table lists the mapping between ZENworks and Microsoft patch classification terminology:

Table 7-1 ZENworks and Microsoft Patch Impact Mapping

ZENworks Patch Impacts	Windows	Other
Critical	Critical Security Important Moderate	NA
Recommended	Recommended Low Example: Microsoft Outlook 2003 Junk E-mail Filter Update	NA
Informational	NA	NA
Software Installers	Software Distribution Example: Microsoft Windows Malicious Software Removal Tool (Virus Removal)	Adobe 8.1 software installer

Source: Lumension Security

7.2.4 Patch Statistics

Patch statistics show the relationship between a specific patch and the total number of devices (or groups) within ZENworks Server that meet a specific status. The patch statistics appear in two columns on the far right side of the Patches page. Each column status is described as follows:

Patched: Displays a link indicating the total number of devices to which the corresponding patch has been applied.

Click a link to display a page that lists the patched devices, in alphabetical order.

The Patched page provides the following information about the devices to which a patch has been applied.

Item	Definition
Device Name	The name of the device registered with ZENworks Patch Management to which the patch is deployed.
Last Contact	The last time the device contacted the Patch Management Server.
Device Type	Server or Workstation.
DNS	The name of the DNS server.
IP Address	The IP address of the device.

Action menu: The Action menu provides two options: Remove and Export.

You can uninstall the patch by using the Remove option in the Action menu. If a patch does not support uninstallation, the Remove option in the Action menu is disabled.

You can export the data on one or more selected patches to a .csv file by using the Export option.

Not Patched: Displays a link indicating the total number of devices to which the corresponding patch has not been applied.

The Not Patched page provides the following information about the devices to which a patch has been applied.

Item	Definition
Device Name	The name of the device registered with ZENworks Patch Management to which the patch is to be deployed.
Last Contact	The last time the device contacted the Patch Management Server.
Device Type	Server or Workstation.
DNS	The name of the DNS server.
IP Address	The IP address of the device.

You can deploy the patch to these devices by using the Deploy Remediation option in the Action menu.

Information: The Information page displays detailed information for a selected patch.

You can view the following information for a patch:

Property Name	Definition
Name	The name of the patch.
Impact	The impact of the patch as determined by ZENworks. See Patch Impact.
Status	Status of the patch; can be Enabled, Disabled (Superseded) or Disabled (By User).
Vendor	The name of the vendor.
Released on	The date the patch was released by the vendor.
Vendor Product ID	The ID number given to the product by the vendor.
Description	The description of the patch; includes detailed information concerning the defect or issue resolved by this patch, deployment notes, and the prerequisites for deployment.
Number of Devices Patched	The number of devices to which the patch has been applied.
Number of Devices Not Patched	The number of devices to which the patch has not been applied.
Number of Devices Not Applicable	The number of devices to which the patch does not apply.
CVE Code	The Common Vulnerabilities and Exposures ID for the patch, if applicable.
URL	A URL that has more information about the patch.
Size	The size of the patch.

The patches shown in the Patches page have different icons indicating their current status. The following table describes the icons for each patch:

Patch Icon	Significance
	Indicates the patches that are disabled. Disabled patches are hidden by default. Use the Include Disabled filter in the Search panel to show these items.
	Indicates that only the fingerprint information for the patch has been brought down from the ZENworks Patch Subscription Network. This icon represents the patches that are not cached.
	Indicates that a download process for the bundles associated with the selected patch is pending.
	Indicates that a download process for the bundles associated with the selected patch has started. This process caches those bundles on your ZENworks Server.
	Indicates that the fingerprints and remediation patch bundles that are necessary to address the patch have been cached in the system. This icon represents the patches that are cached and ready for deployment.
	Indicates that an error has occurred while trying to download the bundle associated with the selected patch.

7.2.5 Patch Release Date

The date the patch was released by the vendor is displayed in the right column under Released On. Click the Released On column to sort patches by their release date. All the patches released in the last 30 days are displayed in bold font.