The Install required updates and fix vulnerabilities task is used to update and fix vulnerabilities in the third-party software installed on managed devices. This task allows you to install multiple updates and fix multiple vulnerabilities according to the rules, which you specify in the task settings.
To install updates or fix vulnerabilities by using the Install required updates and fix vulnerabilities task, you can do one of the following:
To create the Install required updates and fix vulnerabilities task:
In the main menu, go to Assets (Devices) → Tasks.
Click Add.
The New task wizard starts. Proceed through the wizard by using the Next button.
In the Application drop-down list, select Kaspersky Security Center.
In the Task type list, select the Install required updates and fix vulnerabilities task type.
If the task is not displayed, make sure that your account has the Read, Write, and Executerights for the System management: Vulnerability and patch management functional area. You cannot create and configure the Install required updates and fix vulnerabilities task without these access rights.
In the Task name field, specify the name of the new task.
The task name cannot be more than 100 characters long and cannot include any special characters ("*<>?\:|).
These rules are applied to installation of updates on client devices. If rules are not specified, the task has nothing to perform. For information about operations with rules, refer to Rules for update installation.
These rules apply to the installation of updates on client devices. If you do not specify any rules, the task has nothing to perform.
If this option is enabled, before installing an update the application automatically installs all general system components (prerequisites) that are required to install the update. For example, these prerequisites can be operating system updates
If this option is disabled, you may have to install the prerequisites manually.
If thisoption is enabled, updates are allowed when they result in installation of a new version of a software application.
If this option is disabled, the software is not upgraded. You can then install new versions of the software manually or through another task. For example, you may use this option if your company infrastructure is not supported by a new software version or if you want to check an upgrade in a test infrastructure.
By default, this option is enabled.
Upgrading an application may cause malfunction of dependent applications installed on client devices.
If this option is enabled, the application downloads updates to the device but does not install them automatically. You can then Install downloaded updates manually.
Microsoft updates are downloaded to the system Windows storage. Updates of third-party applications (applications made by software vendors other than Kaspersky and Microsoft) are downloaded to the folder specified in the Download updates to field.
If this option is disabled, the updates are installed to the device automatically.
If this feature is enabled, Network Agent writes traces even if tracing is disabled for Network Agent in Kaspersky Security Center Linux Remote Diagnostics Utility. Traces are written to two files in turn; the total size of both files is determined by the Maximum size, in MB, of advanced diagnostics files value. When both files are full, Network Agent starts writing to them again. The files with traces are stored in the %WINDIR%\Temp folder. These files are accessible in the remote diagnostics utility, you can download or delete them there.
If this feature is disabled, Network Agent writes traces according to the settings in Kaspersky Security Center Linux Remote Diagnostics Utility. No additional traces are written.
When creating a task, you do not have to enable advanced diagnostics. You may want to use this feature later if, for example, a task run fails on some of the devices and you want to get additional information during another task run.
The default value is 100 MB, and available values are between 1 MB and 2048 MB. You may be asked to change the default value by Kaspersky Technical Support specialists when information in the advanced diagnostics files sent by you is not enough to troubleshoot the problem.
Client devices are not restarted automatically after the operation. To complete the operation, you must restart a device (for example, manually or through a device management task). Information about the required restart is saved in the task results and in the device status. This option is suitable for tasks on servers and other devices where continuous operation is critical.
Client devices are always restarted automatically if a restart is required for completion of the operation. This option is useful for tasks on devices that provide for regular pauses in their operation (shutdown or restart).
The restart reminder is displayed on the screen of the client device, prompting the user to restart it manually. Some advanced settings can be defined for this option: text of the message for the user, the message display frequency, and the time interval after which a restart will be forced (without the user's confirmation). This option is most suitable for workstations where users must be able to select the most convenient time for a restart.
Applications are forced to close when the user's device goes locked (automatically after a specified interval of inactivity, or manually).
If this option is enabled, applications are forced to close on the locked device upon expiration of the time interval specified in the entry field.
If this option is disabled, applications do not close on the locked device.
By default, this option is disabled.
At the Finish task creation step of the wizard, enable the Open task details when creation is complete option to modify the default task settings.
If you do not enable this option, the task will be created with the default settings. You can modify the default settings later.
Click the Finish button.
The New task wizard creates the task. If you enabled the Open task details when creation is complete option, the task properties window automatically opens. In this window, you can specify the general task settings and, if required, change the settings specified during task creation.
You can also open the task properties window by clicking the name of the created task in the list of tasks.
The task is created, configured, and displayed in the list of tasks.
To run the task, select it in the task list, and then click the Start button.
You can also set a task start schedule on the Schedule tab of the task properties window.
For a detailed description of scheduled start settings, refer to the general task settings.
After the task is completed, the required updates are installed and the vulnerabilities are fixed.