The Fix vulnerabilities task allows you to fix software vulnerabilities on managed devices. You can fix software vulnerabilities in third-party software, including Microsoft software.
You can create the Fix vulnerabilities task only for Windows devices. You cannot create this task for devices running on other operating systems.
If you have the Vulnerability and patch management license, you cannot create new tasks of the Fix vulnerabilities type. To fix new vulnerabilities, you can add them to an existing Fix vulnerabilities task. However, we recommend that you use the Install required updates and fix vulnerabilities task instead of the Fix vulnerabilities task. The Install required updates and fix vulnerabilities task enables you to install multiple updates and fix multiple vulnerabilities automatically, according to the rules that you define.
A user interaction may be required when you update a third-party application or fix a vulnerability in a third-party application on a managed device. For example, the user may be prompted to close the third-party application if it is currently open.
To create the Fix vulnerabilities task:
In the main menu, go to Assets (Devices) → Tasks.
Alternatively, you can create this task in the device properties window on the Tasks tab.
Click Add.
The New task wizard starts. Proceed through the wizard by using the Next button.
In the Application drop-down list, select Kaspersky Security Center.
In the Task type list, select the Fix vulnerabilities task type.
In the Task name field, specify the name of the new task.
A task name cannot be more than 100 characters long and cannot include any special characters ("*<>?\:|).
In the list of vulnerabilities, select the check boxes next to the vulnerabilities you want to fix, and then click the OK button.
Microsoft software vulnerabilities usually have recommended fixes. No additional actions are required for them.
For vulnerabilities in software from other vendors, you first need to specify a user fix for each vulnerability that you want to fix. After that, you will be able to add those vulnerabilities to the Fix vulnerabilities task.
Client devices are not restarted automatically after the operation. To complete the operation, you must restart a device (for example, manually or through a device management task). Information about the required restart is saved in the task results and in the device status. This option is suitable for tasks on servers and other devices where continuous operation is critical.
Client devices are always restarted automatically if a restart is required for completion of the operation. This option is useful for tasks on devices that provide for regular pauses in their operation (shutdown or restart).
The restart reminder is displayed on the screen of the client device, prompting the user to restart it manually. Some advanced settings can be defined for this option: text of the message for the user, the message display frequency, and the time interval after which a restart will be forced (without the user's confirmation). This option is most suitable for workstations where users must be able to select the most convenient time for a restart.
Running applications may prevent a restart of the client device. For example, if a document is being edited in a word processing application and is not saved, the application does not allow the device to restart.
If this option is enabled, such applications on a locked device are forced to close before the device restart. As a result, users may lose their unsaved changes.
If this option is disabled, a locked device is not restarted. The task status on this device states that a device restart is required. Users have to manually close all applications running on locked devices and restart these devices.
Fill in the Account and Password fields to specify the details of an account under which the task is run. The account must have sufficient rights for this task.
Password of the account under which the task will be run.
At the Finish task creation step of the wizard, enable the Open task details when creation is complete option to modify the default task settings.
If you do not enable this option, the task is created with the default settings. You can modify the default settings later.
Click the Finish button.
The wizard creates the task. If you enabled the Open task details when creation is complete option, the task properties window automatically opens. In this window, you can specify the general task settings and, if required, change the settings specified during task creation.
You can also open the task properties window by clicking the name of the created task in the list of tasks.
The task is created, configured, and displayed in the list of tasks at Assets (Devices) → Tasks.
To run the task, select it in the task list, and then click the Start button.
You can also set a task start schedule on the Schedule tab of the task properties window.
For a detailed description of scheduled start settings, refer to the general task settings.
After the task is completed, the selected vulnerabilities are fixed.