1.5 Patch Management

1.5.1 Redesigned Dashboard

Patch Management is part of the new ZENworks Dashboard, which significantly enhances the utility of the Patch Dashboard, both for assessing the health of your patch environment and for taking action when weaknesses are found. The new Patch Management Dashboard includes four default dashlets and the capability to create custom dashlets from the default dashlets. See descriptions for each of the Patch Management dashlets below:

  • Patch Subscription Status: Displays the number of known patches in the zone, their status, and the last start and end times of subscription activities for licenses, patch discovery, and patch download.

  • Recently Released Patches: Displays the number of recently released patches by patch impact type.

  • Device Patch Compliance: Displays compliance status for devices in the zone.

  • Device Last Patch Scan: Displays the number of devices scanned for patches by time range.

1.5.2 Redesigned Patch Compliance Criteria

In conjunction with the redesigned Patch Management Dashboard, patch compliance is now based on a configurable percentage of Critical and Recommended patches installed on each device. This change is configured in the Patch Management > Dashboard and Trending configuration, and displays data in the new Device Patch Compliance dashlet.

For more information, see Configuring Patch Dashboard and Trending in the ZENworks 2017 Patch Management Reference.

1.5.3 New Patch Scan Behavior

In previous releases, scheduled scans would only execute if the scan engine detected that a new DAU (Discover Applicable Updates) bundle had been delivered to the device since the last scan. While this behavior minimized potential performance impacts due to patch scanning, it also introduced the following concerns:

  • A patch scan detects whether a patch has been installed regardless of the installation source. If a patch is installed by a non-ZENworks tool (such as the application's native updater), skipping the scan because the DAU bundle has not changed would cause the device's patch status to be incorrect.

  • The Last Patch Scan date in the Device Last Patch Scan dashboard (enhanced in this release) could be misleading because the scan engine reports that it performed the scan even if it skipped the scan because the DAU bundle had not changed.

To resolve this issue, the scan behavior was modified to ensure that a scheduled scan is performed every time regardless of whether or not the DAU bundle has changed. If users encounter a noticeable performance impact on their devices, you can revert to the previous scan behavior by adding PATCH_SCAN_ALWAYS=FALSE to the System Variables.

For more information, see Patch Management System Variables in the ZENworks 2017 Patch Management Reference.