Installing updates on devices manually

Expand all | Collapse all

If you have selected Find and install required updates on the Update management settings page of the Quick Start Wizard, the install required updates and fix vulnerabilities task is created automatically. You can run or stop the task in the Managed devices folder on the Tasks tab.

If you have selected Search for required updates in the Quick Start Wizard, you can install software updates on client devices through the Install required updates and fix vulnerabilities task.

You can do any of the following:

• Create a task for installing updates.
• Add a rule for installing an update to an existing update installation task.
• In the settings of an existing update installation task, configure a test installation of updates.

A user interaction may be required when you update a third-party application or fix a vulnerability in a third-party application on a managed device. For example, the user may be prompted to close the third-party application if it is currently open.

Installing updates by creating an installation task

You can do any of the following:

• Create a task for installing certain updates.
• Select an update and create a task for installing it and similar updates.

To install specific updates:

1. In the Advanced → Application management folder in the console tree, select the Software updates subfolder.
2. In the workspace, select the updates that you want to install.
3. Do any of the following:
   • Right-click one of the selected updates in the list, and then select Install update → New task.
   • Click the Install update (create task) link in the information box for the selected updates.
4. Make your choice in the displayed prompt about installing all previous application updates. Click Yes if you agree to the installation of successive application versions incrementally if this is required for installing the selected updates. Click No if you want to update applications in a straightforward fashion, without installing successive versions. If installing the selected updates is not possible without installing previous versions of applications, the updating of the application fails.

   The Updates Installation and Vulnerabilities Fix Task Creation Wizard starts. Follow the steps of the Wizard.

5. On the Selecting an operating system restart option page of the Wizard, select the action to perform when the operating system on client devices must be restarted after the operation:
   • Do not restart the device

     Client devices are not restarted automatically after the operation. To complete the operation, you must restart a device (for example, manually or through a device management task). Information about the required restart is saved in the task results and in the device status. This option is suitable for tasks on servers and other devices where continuous operation is critical.

   • Restart the device

     Client devices are always restarted automatically if a restart is required for completion of the operation. This option is useful for tasks on devices that provide for regular pauses in their operation (shutdown or restart).

   • Prompt user for action

     The restart reminder is displayed on the screen of the client device, prompting the user to restart it manually. Some advanced settings can be defined for this option: text of the message for the user, the message display frequency, and the time interval after which a restart will be forced (without the user's confirmation). This option is most suitable for workstations where users must be able to select the most convenient time for a restart.

     By default, this option is selected.

     • Repeat prompt every (min)

       If this option is enabled, the application prompts the user to restart the operating system with the specified frequency.

       By default, this option is enabled. The default interval is 5 minutes. Available values are between 1 and 1440 minutes.

       If this option is disabled, the prompt is displayed only once.

     • Restart after (min)

       After prompting the user, the application forces restart of the operating system upon expiration of the specified time interval.

       By default, this option is enabled. The default delay is 30 minutes. Available values are between 1 and 1440 minutes.

   • Force closure of applications in blocked sessions

     Running applications may prevent a restart of the client device. For example, if a document is being edited in a word processing application and is not saved, the application does not allow the device to restart.

     If this option is enabled, such applications on a locked device are forced to close before the device restart. As a result, users may lose their unsaved changes.

     If this option is disabled, a locked device is not restarted. The task status on this device states that a device restart is required. Users have to manually close all applications running on locked devices and restart these devices.

     By default, this option is disabled.

6. On the Configure task schedule page of the Wizard, you can create a schedule for task start. If necessary, specify the following settings:
   • Scheduled start:

     Select the schedule according to which the task runs, and configure the selected schedule.

     • Every N hours

       The task runs regularly, with the specified interval in hours, starting from the specified date and time.

       By default, the task runs every 6 hours, starting from the current system date and time.

     • Every N days

       The task runs regularly, with the specified interval in days. Additionally, you can specify a date and time of the first task run. These additional options become available, if they are supported by the application for which you create the task.

       By default, the task runs every day, starting from the current system date and time.

     • Every N weeks

       The task runs regularly, with the specified interval in weeks, on the specified day of week and at the specified time.

       By default, the task runs every Monday at the current system time.

     • Every N minutes

       The task runs regularly, with the specified interval in minutes, starting from the specified time on the day that the task is created.

       By default, the task runs every 30 minutes, starting from the current system time.

     • Daily (daylight saving time is not supported)

       The task runs regularly, with the specified interval in days. This schedule does not support observance of daylight saving time (DST). It means that when clocks jump one hour forward or backward at the beginning or ending of DST, the actual task start time does not change.

       We do not recommend that you use this schedule. It is needed for backward compatibility of Kaspersky Security Center.

       By default, the task starts every day at the current system time.

     • Weekly

       The task runs every week on the specified day and at the specified time.

     • By days of week

       The task runs regularly, on the specified days of week, at the specified time.

       By default, the task runs every Friday at 6:00:00 PM.

     • Monthly

       The task runs regularly, on the specified day of the month, at the specified time.

       In months that lack the specified day, the task runs on the last day.

       By default, the task runs on the first day of each month, at the current system time.

     • Manually

       The task does not run automatically. You can only start it manually.

       By default, this option is selected.

     • Every month on specified days of selected weeks

       The task runs regularly, on the specified days of each month, at the specified time.

       By default, no days of month are selected; the default start time is 18:00.

     • On virus outbreak

       The task runs after a Virus outbreak event occurs. Select application types that will monitor virus outbreaks. The following application types are available:

       • Anti-virus for workstations and file servers
       • Anti-virus for perimeter defense
       • Anti-virus for mail systems

       By default, all application types are selected.

       You may want to run different tasks depending on the anti-virus application type that reports a virus outbreak. In this case, remove the selection of the application types that you do not need.

     • On completing another task

       The current task starts after another task completes. You can select how the previous task must complete (successfully or with error) to trigger the start of the current task. For example, you may want to run the Manage devices task with the Turn on the device option and, after it completes, run the Virus scan task. This parameter only works if both tasks are assigned to the same devices.

   • Run missed tasks

     This option determines the behavior of a task if a client device is not visible on the network when the task is about to start.

     If this option is enabled, the system attempts to start the task the next time the Kaspersky application is run on the client device. If the task schedule is Manually, Once or Immediately, the task is started immediately after the device becomes visible on the network or immediately after the device is included in the task scope.

     If this option is disabled, only scheduled tasks run on client devices; for Manually, Once and Immediately, tasks run only on those client devices that are visible on the network. For example, you may want to disable this option for a resource-consuming task that you want to run only outside of business hours.

     By default, this option is disabled.

   • Use automatically randomized delay for task starts

     If this option is enabled, the task is started on client devices randomly within a specified time interval, that is, distributed task start. A distributed task start helps to avoid a large number of simultaneous requests by client devices to the Administration Server when a scheduled task is running.

     The distributed start time is calculated automatically when a task is created, depending on the number of client devices to which the task is assigned. Later, the task is always started on the calculated start time. However, when task settings are edited or the task is started manually, the calculated value of the task start time changes.

     If this option is disabled, the task starts on client devices according to the schedule.

   • Use randomized delay for task starts within an interval of (min)

     If this option is enabled, the task is started on client devices randomly within the specified time interval. A distributed task start helps to avoid a large number of simultaneous requests by client devices to the Administration Server when a scheduled task is running.

     If this option is disabled, the task starts on client devices according to the schedule.

     By default, this option is disabled. The default time interval is one minute.

7. On the Define the task name page of the Wizard, specify the name for the task that you are creating. A task name cannot be more than 100 characters long and cannot include any special characters ("*<>?\:|).
8. On the Finish task creation page of the Wizard, click the Finish button to close the Wizard.

   If you want the task to start as soon as the Wizard finishes, select the Run the task after the Wizard finishes check box.

After the Wizard completes its operation, Install required updates and fix vulnerabilities appears in the Tasks folder.

You can enable automatic installation of system components (prerequisites) prior to installation of an update in the Install required updates and fix vulnerabilities task properties. When this option is enabled, all required system components are installed before the update. A list of the required components can be found in properties of the update.

In the properties of Install required updates and fix vulnerabilities task, you can allow installation of updates that upgrade application to a new version.

If the task settings provide rules for installation of third-party updates, the Administration Server downloads all relevant updates from their vendors' websites. Updates are saved to the Administration Server repository and then distributed and installed on devices where they are applicable.

If the task settings provide rules for installation of Microsoft updates and the Administration Server acts as a WSUS server, the Administration Server downloads all relevant updates to the repository and then distributes them to managed devices. If the network does not use a WSUS server, each client device downloads Microsoft updates from external servers independently.

To install a certain update and similar ones:

1. In the Advanced → Application management folder in the console tree, select the Software updates subfolder.
2. In the workspace, select the update that you want to install.
3. Click the Run Update Installation Wizard button.

   The Update Installation Wizard starts.

   The Update Installation Wizard features are only available under the Vulnerability and Patch Management license.

   Follow the steps of the Wizard.

4. On the Search for existing update installation tasks page, specify the following settings:
   • Search for tasks that install this update

     If this option is enabled, the Update Installation Wizard searches for existing tasks that install the selected update.

     If this option is disabled or if the search retrieves no applicable tasks, the Update Installation Wizard prompts you to create a rule or task for installing the update.

     By default, this option is enabled.

   • Approve update installation

     The selected update will be approved for installation. Enable this option if some applied rules of update installation allow installation of approved updates only.

     By default, this option is disabled.

5. If you choose to search for existing update installation tasks and if the search retrieves some tasks, you can view properties of these tasks or start them manually. No further actions are required.

   Otherwise, click the New update installation task button.

6. Select the type of the installation rule to be added to the new task, and then click the Finish button.
7. Make your choice in the displayed prompt about installing all previous application updates. Click Yes if you agree to the installation of successive application versions incrementally if this is required for installing the selected updates. Click No if you want to update applications in a straightforward fashion, without installing successive versions. If installing the selected updates is not possible without installing previous versions of applications, the updating of the application fails.

   The Updates Installation and Vulnerabilities Fix Task Creation Wizard starts. Follow the steps of the Wizard.

8. On the Selecting an operating system restart option page of the Wizard, select the action to perform when the operating system on client devices must be restarted after the operation:
   • Do not restart the device

     Client devices are not restarted automatically after the operation. To complete the operation, you must restart a device (for example, manually or through a device management task). Information about the required restart is saved in the task results and in the device status. This option is suitable for tasks on servers and other devices where continuous operation is critical.

   • Restart the device

     Client devices are always restarted automatically if a restart is required for completion of the operation. This option is useful for tasks on devices that provide for regular pauses in their operation (shutdown or restart).

   • Prompt user for action

     The restart reminder is displayed on the screen of the client device, prompting the user to restart it manually. Some advanced settings can be defined for this option: text of the message for the user, the message display frequency, and the time interval after which a restart will be forced (without the user's confirmation). This option is most suitable for workstations where users must be able to select the most convenient time for a restart.

     By default, this option is selected.

     • Repeat prompt every (min)

       If this option is enabled, the application prompts the user to restart the operating system with the specified frequency.

       By default, this option is enabled. The default interval is 5 minutes. Available values are between 1 and 1440 minutes.

       If this option is disabled, the prompt is displayed only once.

     • Restart after (min)

       After prompting the user, the application forces restart of the operating system upon expiration of the specified time interval.

       By default, this option is enabled. The default delay is 30 minutes. Available values are between 1 and 1440 minutes.

   • Force closure of applications in blocked sessions

     Running applications may prevent a restart of the client device. For example, if a document is being edited in a word processing application and is not saved, the application does not allow the device to restart.

     If this option is enabled, such applications on a locked device are forced to close before the device restart. As a result, users may lose their unsaved changes.

     If this option is disabled, a locked device is not restarted. The task status on this device states that a device restart is required. Users have to manually close all applications running on locked devices and restart these devices.

     By default, this option is disabled.

9. On the Select devices to which the task will be assigned page of the Wizard, select one of the following options:
   • Select networked devices detected by Administration Server

     The task is assigned to specific devices. The specific devices can include devices in administration groups as well as unassigned devices.

     For example, you may want to use this option in a task of installing Network Agent on unassigned devices.

   • Specify device addresses manually or import addresses from a list

     You can specify NetBIOS names, DNS names, IP addresses, and IP subnets of devices to which you want to assign the task.

     You may want to use this option to execute a task for a specific subnet. For example, you may want to install a certain application on devices of accountants or to scan devices in a subnet that is probably infected.

   • Assign task to a device selection

     The task is assigned to devices included in a device selection. You can specify one of the existing selections.

     For example, you may want to use this option to run a task on devices with a specific operating system version.

   • Assign task to an administration group

     The task is assigned to devices included in an administration group. You can specify one of the existing groups or create a new one.

     For example, you may want to use this option to run a task of sending a message to users if the message is specific for devices included in a specific administration group.

10. On the Configure task schedule page of the Wizard, you can create a schedule for task start. If necessary, specify the following settings:
    • Scheduled start:

      Select the schedule according to which the task runs, and configure the selected schedule.

      • Every N hours

        The task runs regularly, with the specified interval in hours, starting from the specified date and time.

        By default, the task runs every 6 hours, starting from the current system date and time.

      • Every N days

        The task runs regularly, with the specified interval in days. Additionally, you can specify a date and time of the first task run. These additional options become available, if they are supported by the application for which you create the task.

        By default, the task runs every day, starting from the current system date and time.

      • Every N weeks

        The task runs regularly, with the specified interval in weeks, on the specified day of week and at the specified time.

        By default, the task runs every Monday at the current system time.

      • Every N minutes

        The task runs regularly, with the specified interval in minutes, starting from the specified time on the day that the task is created.

        By default, the task runs every 30 minutes, starting from the current system time.

      • Daily (daylight saving time is not supported)

        The task runs regularly, with the specified interval in days. This schedule does not support observance of daylight saving time (DST). It means that when clocks jump one hour forward or backward at the beginning or ending of DST, the actual task start time does not change.

        We do not recommend that you use this schedule. It is needed for backward compatibility of Kaspersky Security Center.

        By default, the task starts every day at the current system time.

      • Weekly

        The task runs every week on the specified day and at the specified time.

      • By days of week

        The task runs regularly, on the specified days of week, at the specified time.

        By default, the task runs every Friday at 6:00:00 PM.

      • Monthly

        The task runs regularly, on the specified day of the month, at the specified time.

        In months that lack the specified day, the task runs on the last day.

        By default, the task runs on the first day of each month, at the current system time.

      • Manually (selected by default)

        The task does not run automatically. You can only start it manually.

        By default, this option is selected.

      • Every month on specified days of selected weeks

        The task runs regularly, on the specified days of each month, at the specified time.

        By default, no days of month are selected; the default start time is 18:00.

      • On virus outbreak

        The task runs after a Virus outbreak event occurs. Select application types that will monitor virus outbreaks. The following application types are available:

        • Anti-virus for workstations and file servers
        • Anti-virus for perimeter defense
        • Anti-virus for mail systems

        By default, all application types are selected.

        You may want to run different tasks depending on the anti-virus application type that reports a virus outbreak. In this case, remove the selection of the application types that you do not need.

      • On completing another task

        The current task starts after another task completes. You can select how the previous task must complete (successfully or with error) to trigger the start of the current task. For example, you may want to run the Manage devices task with the Turn on the device option and, after it completes, run the Virus scan task. This parameter only works if both tasks are assigned to the same devices.

    • Run missed tasks

      This option determines the behavior of a task if a client device is not visible on the network when the task is about to start.

      If this option is enabled, the system attempts to start the task the next time the Kaspersky application is run on the client device. If the task schedule is Manually, Once or Immediately, the task is started immediately after the device becomes visible on the network or immediately after the device is included in the task scope.

      If this option is disabled, only scheduled tasks run on client devices; for Manually, Once and Immediately, tasks run only on those client devices that are visible on the network. For example, you may want to disable this option for a resource-consuming task that you want to run only outside of business hours.

      By default, this option is disabled.

    • Use randomized delay for task starts within an interval of (min)

      If this option is enabled, the task is started on client devices randomly within a specified time interval, that is, distributed task start. A distributed task start helps to avoid a large number of simultaneous requests by client devices to the Administration Server when a scheduled task is running.

      The distributed start time is calculated automatically when a task is created, depending on the number of client devices to which the task is assigned. Later, the task is always started on the calculated start time. However, when task settings are edited or the task is started manually, the calculated value of the task start time changes.

      If this option is disabled, the task starts on client devices according to the schedule.

    • Use randomized delay for task starts within an interval of (min)

      If this option is enabled, the task is started on client devices randomly within the specified time interval. A distributed task start helps to avoid a large number of simultaneous requests by client devices to the Administration Server when a scheduled task is running.

      If this option is disabled, the task starts on client devices according to the schedule.

      By default, this option is disabled. The default time interval is one minute.

11. On the Define the task name page of the Wizard, specify the name for the task that you are creating. A task name cannot be more than 100 characters long and cannot include any special characters ("*<>?\:|).
12. On the Finish task creation page of the Wizard, click the Finish button to close the Wizard.

    If you want the task to start as soon as the Wizard finishes, select the Run the task after the Wizard finishes check box.

When the Wizard finishes, the Install required updates and fix vulnerabilities task is created and displayed in the Tasks folder.

In addition to the settings that you specify during task creation, you can change other properties of a created task.

Upgrading to a new version of the application may cause a malfunction of dependent applications on devices.

Installing an update by adding a rule to an existing installation task

To install an update by adding a rule to an existing installation task:

1. In the Advanced → Application management folder in the console tree, select the Software updates subfolder.
2. In the workspace, select the update that you want to install.
3. Click the Run Update Installation Wizard button.

   The Update Installation Wizard starts.

   The Update Installation Wizard features are only available under the Vulnerability and Patch Management license.

   Follow the steps of the Wizard.

4. On the Search for existing update installation tasks page, specify the following settings:
   • Search for tasks that install this update

     If this option is enabled, the Update Installation Wizard searches for existing tasks that install the selected update.

     If this option is disabled or if the search retrieves no applicable tasks, the Update Installation Wizard prompts you to create a rule or task for installing the update.

     By default, this option is enabled.

   • Approve update installation

     The selected update will be approved for installation. Enable this option if some applied rules of update installation allow installation of approved updates only.

     By default, this option is disabled.

5. If you choose to search for existing update installation tasks and if the search retrieves some tasks, you can view properties of these tasks or start them manually. No further actions are required.

   Otherwise, click the Add an update installation rule button.

6. Select the task to which you want to add a rule, and then click the Add rule button.

   Also, you can view properties of the existing tasks, start them manually, or create a new task.

7. Select the type of the rule to be added to the selected task, and then click the Finish button.
8. Make your choice in the displayed prompt about installing all previous application updates. Click Yes if you agree to the installation of successive application versions incrementally if this is required for installing the selected updates. Click No if you want to update applications in a straightforward fashion, without installing successive versions. If installing the selected updates is not possible without installing previous versions of applications, the updating of the application fails.

A new rule for installing the update is added to the existing Install required updates and fix vulnerabilities task.

Configuring a test installation of updates

To configure a test installation of updates:

1. In the console tree, select the Install required updates and fix vulnerabilities task in the Managed devices folder on the Tasks tab.
2. In the context menu of the task, select Properties.

   The properties window of the Install required updates and fix vulnerabilities task opens.

3. In the properties window of the task, in the Test installation section select one of the available options for test installation:
   • Do not scan. Select this option if you do not want to perform a test installation of updates.
   • Run scan on selected devices. Select this option if you want to test updates installation on selected devices. Click the Add button and select devices on which you need to perform test installation of updates.
   • Run scan on devices in the specified group. Select this option if you want to test updates installation on a group of devices. In the Specify a test group field, specify a group of devices on which you want to perform a test installation.
   • Run scan on specified percentage of devices. Select this option if you want to test updates installation on some portion of devices. In the Percentage of test devices out of all target devices field, specify the percentage of devices on which you want to perform a test installation of updates.
4. Upon selecting any option except Do not scan, in the Time to make the decision if the installation is to be continued (h) field specify the number of hours that must elapse from the test installation of updates until the start of installation of the updates on all devices.

See also: Scenario: Updating third-party software

Page top