7.2 View Patch Details

Using the Patches page you can view the details of all patches that are applicable to the zone and you can also view information about all patches that are applicable for a specific device.

7.2.1 Zone-Level Patches

This page can be accessed by clicking the Security tab in the left navigation menu and then clicking the Patches tab. This page displays a list of all patches that are applicable to the zone and it provides the following information:

Patch Name

The Patch Name is the name that identifies a patch. This name typically includes the vendor or manufacturer of the patch, the specific application, and version information.

An example of a patch name is shown as follows. It indicates that Adobe is the vendor, Adobe Flash Player is the application, and 21.0.0.242 is the version information:

Microsoft Patches:

  • All Microsoft security patches are titled with their Microsoft Security Bulletin number in the format MS0x-yyy, where 0x indicates the year the patch was released and yyy indicates the sequential number of the released patch. These patches are critical and must be installed as soon as possible.

  • Names of all Microsoft non-security patches include the Knowledge Base (KB) article number. These patches can be installed at your discretion.

  • The names of Microsoft service packs and third-party patches do not usually contain a KB number and never a Microsoft Security Bulletin number. Test these service packs thoroughly to ensure that they have the expected results.

For more information on the naming conventions for patches, refer to Comprehensive Patches and Exposures (CVE), which is a list of standardized names for patches and other information exposures. Another useful resource is the National Patch Database, which is the U.S. government repository of standards-based patch management data.

The patches shown in the Patches page have different icons indicating their current status. The following table describes the icons for each patch:

Patch Icon

Significance

Indicates the patches that are disabled.

Disabled patches are hidden by default. Use the Include Disabled filter in the Search panel to show these items.

Indicates that only the fingerprint information for the patch has been brought down from the ZENworks Patch Subscription Network. This icon represents the patches that are not cached.

Indicates that a download process for the bundles associated with the selected patch is pending.

Indicates that a download process for the bundles associated with the selected patch has started. This process caches those bundles on your ZENworks Server.

Indicates that the fingerprints and remediation patch bundles that are necessary to address the patch have been cached in the system. This icon represents the patches that are cached and ready for deployment.

Indicates that an error has occurred while trying to download the bundle associated with the selected patch.

Total Patches Available

The total number of patches that are available for deployment is displayed in the bottom-left corner of the Patches panel. In the following figure, the total number of available patches is 106:

Patch Impact

The Impact is the type of patch defined on the basis of the severity of the patch; the type can be Critical, Recommended, Informational, or Software Installers. Each impact is described as follows:

  • Critical: ZENworks has determined that this type of patch is critical, and should be installed as soon as possible. Most of the recent security updates fall in this category.

  • Recommended: ZENworks has determined that this patch, although not critical or security related, is useful and should be applied to maintain the health of your computers. You should install patches that fall into this category.

  • Informational: This type of patch detects a condition that ZENworks has determined is informational. Informational patches are used for information only. There is no actual patch to be installed.

  • Software Installers: These types of patches are software applications. Typically, this includes software installers. The patches show Not Patched if the application has not been installed on a machine.

Patch Management impact terminology for its patch subscription service closely follows the vendor impact terminology for patch criticality. Each operating system has a vendor-specific impact rating and that impact is mapped to a ZENworks rating as described in this section. Patch Management, following the recommendations of Lumension Security, increases or steps up the severity of the impact rating. For example, Microsoft classifications for Critical, Important, and Moderate patches are all classified as Critical by ZENworks.

The following table lists the mapping between ZENworks and Microsoft patch classification terminology:

Table 7-1 ZENworks and Microsoft Patch Impact Mapping

ZENworks Patch Impacts

Windows

Other

Critical

Critical Security

Important

Moderate

NA

Recommended

Recommended

Low

Example: Microsoft Outlook 2003 Junk E-mail Filter Update

NA

Informational

NA

NA

Software Installers

Software Distribution

Example: Microsoft Windows Malicious Software Removal Tool (Virus Removal)

Adobe 8.1 software installer

Patched

The Patched column displays a link indicating the total number of devices to which the corresponding patch has been applied.

Click a link to display the Devices that are patched with the selected patch.

Not Patched

Displays a link indicating the total number of devices to which the corresponding patch has not been applied.Click a link to display the Devices on which the patch has not been applied as yet. You can deploy the patch to these devices by using the Deploy Remediation option.

Patch Release Date

The date the patch was released by the vendor is displayed in the right column under Released On. Click the Released On column to sort patches by their release date. All the patches released in the last 30 days are displayed in bold font.

Search Patches

The Search panel on the Patches page offers extensive search and data filtering options that allow you to search for specific patches and filter result sets based on the status and impact of the patches. Searching and filtering can be performed independently of each other or can be combined to provide extensive drill-down capabilities.

To search for a patch:

  1. Type all or part of the patch name in the Patch Name text box.

  2. Select applicable filter options; the CVE identifier must be typed.

  3. Click Search.

To filter from all existing patches:

  1. Leave the Patch Name text box empty.

  2. Select applicable filter options.

  3. Click Search.

NOTE:Click Reset to return to the default settings.

The following table describes the result of selecting each filter option under Status:

Status Filter

Result

Patched

Search results include all the patches in the patch list that have been applied to one or more devices.

Not Patched

Search results include all the patches in the patch list that have not been applied to any device.

Not Applicable

Search results include all the patches in the patch list that do not apply to the device.

Include Disabled

Search results include all the patches in the patch list that have been disabled by the administrator.

The following table describes the result of selecting each filter option under Impact (Impact Filters in Search):

Impact Filter

Result

Critical

Search results include all the patches in the patch list that are classified as Critical by ZENworks.

Recommended

Search results include all the patches in the patch list that are classified as Recommended by ZENworks.

Informational

Search results include all the patches in the patch list that are classified as Informational by ZENworks.

Software Installers

Search results include all the patches in the patch list that are classified as Software Installers by ZENworks.

The following table describes the remaining filter options on the Search panel:

Filter

Result

Platform

Search results include all the patches relevant to the operating system in the patch list.

Vendor

Search results include all the patches relevant to the vendor in the patch list.

Cache Status

Search results include all the patches relevant to their cache status on the local server.

CVE Identifier

Search results include all the patches that have the common vulnerabilities and exposures ID that you type.

Relationships

NOTE:This filter is only applicable to the Patches page on a selected patch policy.

Search results include patches for devices assigned to a patch policy, according to the option selected in the filter menu.

For more information, see Understanding the Relationships Filter.

Understanding the Relationships Filter

The Search feature on the Patches page for a patch policy differs from the Search feature on the global Patches page by omitting the Platform filter and adding the Relationships filter. The Relationships filter enables you to limit and define the reporting of patch status according to the devices assigned to the patch policy as described below:

First 500 Devices

This is the default setting. It displays patch status for the first 500 devices assigned under the Relationships tab of a selected patch policy. If the policy is assigned to more than 500 devices, the complete list of devices can be viewed under Patched and Not Patched column values.

Test Devices

This option displays patch status for patches on designated test devices assigned to the selected patch policy.

Specific devices

Specific devices, device folders, or device groups will be listed under the Test devices option. For example, <computer name>, Workstations, Windows 10 Workstations and so forth can be assigned as a relationship to the patch policy.

When you filter on one of these relationship types, patch status will only be displayed for device patches that fall within that device criteria.

IMPORTANT:Due to the complexity of returning Patched and Not Patched results and the variables involved, a hundred percent accuracy for device counts in patch status is uncommon with large organizations. For example, if your organization has more than 500 devices assigned to a patch policy and you open the Patches page on that policy, the aggregate number of devices in the Patched and Not Patched columns is unlikely to reach 500 with the Relationships.

7.2.2 Device Patches

Using the Device Patches Page you can view information related to all patches, patch policies and remediation bundles assigned to the selected device. You can also perform actions for particular patches and refresh the assignments made to the device. The Device Patches page includes the following panels:

Patches

Figure 7-1

This panel lists all the patches that are applicable to the device and provides the following information for each patch:

Patch Name

The Patch Name is the name that identifies a patch. This name typically includes the vendor or manufacturer of the patch, the specific application, and version information.

An example of a patch name is shown as follows. It indicates that Adobe is the vendor, Adobe Flash Player is the application, and 21.0.0.242 is the version information:

Microsoft Patches:

  • All Microsoft security patches are titled with their Microsoft Security Bulletin number in the format MS0x-yyy, where 0x indicates the year the patch was released and yyy indicates the sequential number of the released patch. These patches are critical and must be installed as soon as possible.

  • Names of all Microsoft non-security patches include the Knowledge Base (KB) article number. These patches can be installed at your discretion.

  • The names of Microsoft service packs and third-party patches do not usually contain a KB number and never a Microsoft Security Bulletin number. Test these service packs thoroughly to ensure that they have the expected results.

For more information on the naming conventions for patches, refer to Comprehensive Patches and Exposures (CVE), which is a list of standardized names for patches and other information exposures. Another useful resource is the National Patch Database, which is the U.S. government repository of standards-based patch management data.

When you click the patch name link, the Patch Details Page page is displayed.

Patch Impact

The Impact is the type of patch defined on the basis of the severity of the patch; the type can be Critical, Recommended, Informational, or Software Installers. Each impact is described as follows:

  • Critical: ZENworks has determined that this type of patch is critical, and should be installed as soon as possible. Most of the recent security updates fall in this category.

  • Recommended: ZENworks has determined that this patch, although not critical or security related, is useful and should be applied to maintain the health of your computers. You should install patches that fall into this category.

  • Informational: This type of patch detects a condition that ZENworks has determined is informational. Informational patches are used for information only. There is no actual patch to be installed.

  • Software Installers: These types of patches are software applications. Typically, this includes software installers. The patches show Not Patched if the application has not been installed on a machine.

Patch Management impact terminology for its patch subscription service closely follows the vendor impact terminology for patch criticality. Each operating system has a vendor-specific impact rating and that impact is mapped to a ZENworks rating as described in this section. Patch Management, following the recommendations of Lumension Security, increases or steps up the severity of the impact rating. For example, Microsoft classifications for Critical, Important, and Moderate patches are all classified as Critical by ZENworks.

The following table lists the mapping between ZENworks and Microsoft patch classification terminology:

Table 7-2 ZENworks and Microsoft Patch Impact Mapping

ZENworks Patch Impacts

Windows

Other

Critical

Critical Security

Important

Moderate

NA

Recommended

Recommended

Low

Example: Microsoft Outlook 2003 Junk E-mail Filter Update

NA

Informational

NA

NA

Software Installers

Software Distribution

Example: Microsoft Windows Malicious Software Removal Tool (Virus Removal)

Adobe 8.1 software installer

Patched

The Patched column indicates if the patch has been applied on the device or not. shows the relationship between a specific patch and the total number of devices (or groups) within ZENworks Server that meet a specific status. The patch statistics appear in two columns on the far right side of the Patches page. Each column status is described as follows:

The patches shown in the Patches page have different icons indicating their current status. The following table describes the icons for each patch:

Patch Icon

Significance

Indicates the patches that are disabled.

Disabled patches are hidden by default. Use the Include Disabled filter in the Search panel to show these items.

Indicates that only the fingerprint information for the patch has been brought down from the ZENworks Patch Subscription Network. This icon represents the patches that are not cached.

Indicates that a download process for the bundles associated with the selected patch is pending.

Indicates that a download process for the bundles associated with the selected patch has started. This process caches those bundles on your ZENworks Server.

Indicates that the fingerprints and remediation patch bundles that are necessary to address the patch have been cached in the system. This icon represents the patches that are cached and ready for deployment.

Indicates that an error has occurred while trying to download the bundle associated with the selected patch.

Assignments

The name of the patch remediation bundle or policy assignment that includes the signature and is assigned to the device, is displayed in this column. When you click on the Assignment link, the Bundle or Policy Details page is displayed.

Release Date

The date the patch was released by the vendor is displayed in the right column under Released On. Click the Released On column to sort patches by their release date. All the patches released in the last 30 days are displayed in bold font.

Installed On

The date on which the patch signature was installed on the device, either through a remediation bundle, or through a patch policy. If the patch was not installed by ZENworks, this field will be empty.

Installed By

The name of the user who installed the patch on the device. If the patch was installed by ZENworks, then the value will be ZENworks. Else, if the patch was installed manually, for example, a Windows update, then the value will be Other.

The total number of patches that are available for deployment is displayed in the bottom-left corner of the Patches panel. In the following figure, the total number of available patches is 106:

NOTE:The total number of patches that are available for deployment is displayed in the bottom-left corner of the Patches panel.

Assigned Patch Policies

The Assigned Patch Policies panel displays all the enabled patch policies that are assigned to the device. This panel includes the following information:

Policy Name

The names of the enabled patch policies that are assigned to the device.

Version

The published version of the patch policy.

Enforcement Schedule

The schedule of when the policy is enforced on the device.

Source

Links to the source of the assignment, either the Device object's Summary page, the Device Group object's Summary page, or the Device Folder's Summary page. When you click the source, the object's Summary page is displayed. If there are multiple sources, they are displayed as an expandable hierarchy.

Assigned Remediation Deployments

This panel displays all the patch bundles that are assigned to the device. This panel includes the following information:

Deployment Name

The remediation deployment name. When you click this link, the Bundle Summary page is displayed.

Folder

The path to the folder in which the bundle is saved.

Created On

The date on which the bundle assignment was created.

Enforcement Schedule

The schedule of when the deployment is enforced on the device. For example, Every Sun, Mon, Tue.

Source

Links to the source of the assignment, either the Device object's Summary page, the Device Group object's Summary page, or the Device Folder's Summary page. When you click the source, the object's Summary page is displayed. If there are multiple sources, they are displayed as an expandable hierarchy.

Search for Patches

The Search panel on the Patches page offers extensive search and data filtering options that allow you to search for specific patches and filter result sets based on the patch status, impact of the patches and assignment status. Searching and filtering can be performed independently of each other or can be combined to provide extensive drill-down capabilities.

To search for a patch:

  1. Type all or part of the patch name in the Patch Name text box.

  2. Select applicable filter options; the CVE identifier must be typed.

  3. Click Search.

To filter from all existing patches:

  1. Leave the Patch Name text box empty.

  2. Select applicable filter options.

  3. Click Search.

NOTE:Click Reset to return to the default settings.

The following table describes the result of selecting each filter option under Status:

Status Filter

Result

Patched

Search results include all the patches in the patch list that have been applied to one or more devices.

Not Patched

Search results include all the patches in the patch list that have not been applied to any device.

Not Applicable

Search results include all the patches in the patch list that do not apply to the device.

Include Disabled

Search results include all the patches in the patch list that have been disabled by the administrator.

The following table describes the result of selecting each filter option under Assignment Status.

Status Filter

Result

Assigned

Search results include all the patches in the patch list that have been assigned to one or more devices.

Not Assigned

Search results include all the patches in the patch list that have not been assigned to any device.

The following table describes the result of selecting each filter option under Impact (Impact Filters in Search):

Impact Filter

Result

Critical

Search results include all the patches in the patch list that are classified as Critical by ZENworks.

Recommended

Search results include all the patches in the patch list that are classified as Recommended by ZENworks.

Informational

Search results include all the patches in the patch list that are classified as Informational by ZENworks.

Software Installers

Search results include all the patches in the patch list that are classified as Software Installers by ZENworks.

The following table describes the remaining filter options on the Search panel:

Filter

Result

Platform

Search results include all the patches relevant to the operating system in the patch list.

Vendor

Search results include all the patches relevant to the vendor in the patch list.

Cache Status

Search results include all the patches relevant to their cache status on the local server.

CVE Identifier

Search results include all the patches that have the common vulnerabilities and exposures ID that you type.

Relationships

NOTE:This filter is only applicable to the Patches page on a selected patch policy.

Search results include patches for devices assigned to a patch policy, according to the option selected in the filter menu.

For more information, see Understanding the Relationships Filter.