Patch Settings

Specify the policies for patch settings while creating patch policies. The administrator select the severity by patch type and creates the patch policies to apply to the agents in patch settings.

Patch Coverage by Severity

Specify the severity by patch type. The patch severity indicates the severity level of patch categorized by Microsoft. The severy levels are critical, important, moderate, or low.

Patch Type: Indicates the categories of patches defined in the AST server.
Microsoft Patches: Select the severity for the Microsoft patches. The default is moderate or more.
Microsoft Office Patches: Select the severity for the Microsoft Office patches. The default is Important or more.
3rd Party Patches: Indicates the security patches for 3rd-party. The default is Important or more.
Error Report: Indicates the error report for the patches. Categorizes the patch with the error report as the error report among Microsoft patch, Microsoft Office patch, or 3rd-Party patch. The default is Critical or more.
Admin-Specified Patch Select the severity for the patches specified by administrator.

Severity Type: Indicates the severity of patch defined in the website for Microsoft patches. The severity level can be changed by administrator.
Not Apply: Not applies the patches to an agent.
Critical: If there are security threats, which can abused, the severity level will be changed to critical to block the security threats. The security patches for the critical level is to prevent the high-risk threats or worms, which can rapidly spread oven the internet.
Important: Probability to change the information using the security threats.
Moderate: If the security scan dramatically removes the threats, or a detected threat has a low probability of abuse, the severity should be set to moderate.
Low (Apply to all): A detected threat has a low probability of abuse, and the impact from the security threat is very minor.

Note

Click View Patch at the bottom of the screen to view the patch information by severity level.

Patch Priority

You can select and apply the patches from the all patches list. The patch items added to patch priority list have higher priority than item in the patch coverage by severity.

Select Policy/Advanced Rule.
Select the Policy tab.
Click Add.
Click Add > Patch Policy.
Click Add Patch Policy > Patch Policy.
Move to the Patch Priority tab. Check the patch priorities.

Add: Adds the patches to the list of patch priorities. Click Add to select a patch to apply first from <Add Patch>.

Delete: Deletes the patches from the list of patch priorities. Select an item to delete and then click Delete on the top of the list, or click the Delete ( ) icon at the left side of the list.
KB Number: Displays the KB number under the number (ex.MS16-101) in the dashboard for vulnerabilities released by Microsoft.
Patch Number: The patch number is provided based on the dashboard for vulnerabilities officially released by Microsoft. For the patches not released Microsoft, the AST server assigns the number. The patch numbers released by Microsoft through the dashboard for vulnerabilities follows the format such as MS01-001, while the format of patch numbers assigned by AST server follows the formats; MSSP-Office XP, MSSP-Office 2000, MSSP-SQL Server, APSB10-26.
Patch Name: Indicates the name of patch released by Microsoft.
Severity: Indicates the severity of patches categorized by Microsoft.
Patch Properties: Patch properties include the information such as Restart system after installing patches, Display the install progress, Manual installation required, and Allow rollback.
File Size: Displays the patch file size.
Patch Released: Indicates the date when the patch was released by Microsoft through the website for patch release. The information can be changed by administrator.

Note

The patch items added to patch priority list have higher priority than item in the patch coverage by severity.

Patch Exception

You can specify the patches selected from the list of all patches as exception, not to apply to the agents. The patches added to exception list have higher priority than patches in Patch Coverage by Severity and Patch Priority. The patches configured as exception are not applied to the agents. You can configure the patch exceptions as follows:

Select Policy/Advanced Rule.
Select the Policy tab.
Click Add.
Click Add > Patch Policy.
Click Add Patch Policy > Patch Policy.
Move to the Exceptions tab. Check the list of patch exceptions.

Add: Adds the patch exception. Click Add to select a patch exception from <Add Exception Patch>.

Delete: Deletes the patches from the list of patch exceptions. Select an item to delete and then click Delete on the top of the list, or click the Delete ( ) icon at the left side of the list.
KB Number: Displays the KB number under the number (ex.MS16-101) in the dashboard for vulnerabilities released by Microsoft.
Patch Number: The patch number is provided based on the dashboard for vulnerabilities officially released by Microsoft. For the patches not released Microsoft, the AST server assigns the number. The patch numbers released by Microsoft through the dashboard for vulnerabilities follows the format such as MS01-001, while the format of patch numbers assigned by AST server follows the formats; MSSP-Office XP, MSSP-Office 2000, MSSP-SQL Server, APSB10-26.
Patch Name: Indicates the name of patch released by Microsoft.
Severity: Indicates the severity of patches categorized by Microsoft.
Patch Properties: Patch properties include the information such as Restart system after installing patches, Display the install progress, Manual installation required, and Allow rollback.
File Size: Displays the patch file size.
Patch Released: Indicates the date when the patch was released by Microsoft through the website for patch release. The information can be changed by administrator.

Note

The patches added to exception list have higher priority than patches in Patch Coverage by Severity and Patch Priority. The patches configured as exception are not applied to the agents.