General Settings

Specify the policies for general settings while creating patch policies. You can configure the settings for communication interval, retry attempts, patch prevented time, or displaying the install progress.

General Settings

You can configure the general settings to apply the patch files as follows:

Note

To apply the default settings, click Default at the bottom of the page

1. Select Policy/Advanced Rule.
2. Select the Policy tab.
3. Click Add.
4. Click Add > Patch Policy.
5. Configure the required settings in General Settings.

• Check patch installation status periodically: Check the application status of patch policy. You can enter 60 to 240 minutes for the check interval. (Default: 240 mins)
• Patch status check within the following time period after system startup: Checks the patch status within the specified time after systemstartup. The lockout period should be from 30 to 120 minutes. (Default: 60 mins)
• Patch Download Server: Defines the priority for the patch download from the server. You can specify the priority for three items and the patch will be downloaded according to the defined priorities.
• Management Server: Downloads the patch files from the EPP server.
• AhnLab Security Tower: Accesses AhnLab Security Tower and downloads the patch files.
• Vendor's patch site: Accesses the vendor's patch site, which provides the required patches, and downloads the patch files.
• N/A: When the 2nd or 3rd priority is not specified, select this option.
• Patch Installation Pending: Not applies the patches during the period of patch installation pending even when the new patches are downloaded.
• Pending time: Enter the period to delay the patch installation. If you need to specify the period to delay the patch installation, enter the required date. You can enter 1 to 365 minutes for the pending period. (Default: 30 days)
• Operating system: Select the operating system to delay the patch installation.
• All OS: Delays the patch installation during the specified period for all operating systems.
• Desktop OS: Delays the patch installation during the specified period for the desktop operating systems.
• Server OS: Delays the patch installation during the specified period for the server systems.

• Desktop OS: Select the patch installation period for the desktop operating systems. The options for the patch installation periods are as follows; Install now, Automatically install when system shuts down, Install manually, Manually install when system shuts down. Enter the patch file location when the manual installation option is selected.
• Server OS: Select the patch installation period for the server operating systems. The options for the patch installation periods are as follows; Install now, Automatically install when system shuts down, Install manually, Manually install when system shuts down. Enter the patch file location when the manual installation option is selected.
• Patch Download Path: Enter the path to save the patch files when the manual installation option is selected. Downloads the patch files to the specified location when the manual installation option is selected.
• Patch Time Settings: Specifies the time to download and apply the patches, or patch prevention time. If you register the time when the large amount of network usage is expected for file distribution prevention time, you can mitigate inconvenience for file distribution. The interval can be daily/weekly/monthly, and the patch time can be added up to 5.
• Prevent Patch Update: Prevents patches from applying to the agents during the specified time. Applies patches except for the specified time.
• Allow Patch Update: Allows patches to apply to the agents. Not applies patches except for the specified time.
• Retry Attempts: Specifies the number of retry attempts when patch installation is not completed for an error in patch scan module and patch information, or situation in an agent. The patch installation is retried for the specified number of retry attempts when the patch installation fails at the specified interval. 1~10 (Default: 2)
• Maximum number of patches to distribute at once: Specifies the number of patches to install at one interval. The patch scan and patch installation is done at the communication interval in usual. But if patches are all installed at a specific interval, it may cause overload to the server, and therefore you can restrict the number of patches to install at the required interval, considering the network environment of your company. The number of patches at a communication interval can be 1 to 10.
• Required free hard disk space: If the the space of the hard disk where the agent OS is installed is less than the space available in the hard disk for patch installation assigned by EPP server, the patch will not be applied to the agent. The minimum space is 500MB. (Default: 5012MB)
• File size limit: Automatically applies patch files under the specified file size. If the file size is larger than the specified one, the patch will not be automatically installed. Automatically install patch files under the specified file size. If the file size is larger than the specified one, the administrator can install the patches. If a large size of patch files are applied at the same time, it may cause inconvenience due to the network overload. (Default: 10MB)
• Use Background Intelligent Transfer Service (BITS): If BITS is enabled, when downloading the patch files from an agent, the download will be done using the idle network bandwidth. Shortly, the download will be done, not impacting the programs used in other network. If BITS is disabled, the download will be done using the network bandwidth shared by other programs.
• Patch file download speed limit: Select the option to restrict the network traffic for patch installation. The network bandwidth can be set by group or user, and the available bandwidth is 100KB/s to 1024KB/s. (Default: 200KB/s)
• Patches which display installation processes on the screen: Applies patches, which display the installation process on the screen.
• Allow rollback to previous version: Select whether to apply the rollback patches specified from the AST server. If the rollback patches are applied, if the patches are installed in an agent, the patch installation will be canceled and rolled back.
• Service packs: Automatically applies the service pack to an agent.
• Patches which need to be manually installed: Automatically applies the manual patches specified in AhnLab Security Tower to an agent.
• No limit to retry attempts for patches which need to be manually installed: The manual patches with the installation process displayed can be arbitrarily canceled by user, and the number of retry attempts for patch installation is unlimited.
• Notify users of patch install: Select whether to display the use agreement page for patch installation. Activates only when immediate patch installation is selected.
• Display the install progress: Displays the installation process on the agent PC.
• Restart system after installing patches: Specify whether to restart the system after installing patches.
• Do not restart: Not restarts the system after installing patches.
• Notify users to restart Notifies the user when the system should be restarted after installing patches.
• Automatically restart: Automatically restarts the system to restart after installing patches, if necessary.
• Activate Windows Update service; Activates the Windows update service. Change the type of the Windows update service from the control panel from Disable to Manual.