When fixing vulnerabilities in applications, you must specify rules for update installation. These rules determine updates to install and vulnerabilities to fix.
The exact settings depend on whether you create a rule for updates of Microsoft applications, of third-party applications (applications made by software vendors other than Kaspersky and Microsoft), or of all applications. When creating a rule for Microsoft applications or third-party applications, you can select specific applications and application versions for which you want to install updates. When creating a rule for all applications, you can select specific updates that you want to install and vulnerabilities that you want to fix by means of installing updates.
To create a new rule for updates of all applications:
On the Settings page of the Add Task Wizard, click the Add button.
The Rule Creation Wizard starts. Follow the steps of the Wizard.
On the Rule type page, select Rule for all updates.
On the General criteria page, use the drop-down lists to specify the following settings:
Select the updates that must be installed on client devices:
Install approved updates only. This installs only approved updates.
Install all updates (except declined). This installs updates with the Approved or Undefined approval status.
Install all updates (including declined). This installs all updates, regardless of their approval status. Select this option with caution. For example, use this option if you want to check installation of some declined updates in a test infrastructure.
Sometimes software updates may impair the user experience with the software. In such cases, you may decide to install only those updates that are critical for the software operation and to skip other updates.
If this option is enabled, the updates fix only those vulnerabilities for which the severity level set by Kaspersky is equal to or higher than the value selected in the list (Medium, High, or Critical). Vulnerabilities with a severity level lower than the selected value are not fixed.
If this option is disabled, the updates fix all vulnerabilities regardless of their severity level.
By default, this option is disabled.
On the Updates page, select the updates to be installed:
Install only software updates that you select manually from the list. This list contains all available software updates.
For example, you may want to select specific updates in the following cases: to check their installation in a test environment, to update only critical applications, or to update only specific applications.
Keep this option enabled if you agree with the installation of interim application versions when this is required for installing the selected updates.
If this option is disabled, only the selected versions of applications are installed. Disable this option if you want to update applications in a straightforward manner, without attempting to install successive versions incrementally. If installing the selected updates is not possible without installing previous versions of applications, the updating of the application fails.
For example, you have version 3 of an application installed on a device and you want to update it to version 5, but version 5 of this application can be installed only over version 4. If this option is enabled, the software first installs version 4, and then installs version 5. If this option is disabled, the software fails to update the application.
By default, this option is enabled.
On the Vulnerabilities page, select vulnerabilities that will be fixed by installing the selected updates:
Fix only vulnerabilities that you select manually from the list. This list contains all detected vulnerabilities.
For example, you may want to select specific vulnerabilities in the following cases: to check their fix in a test environment, to fix vulnerabilities only in critical applications, or to fix vulnerabilities only in specific applications.
On the Name page, specify the name for the rule that you are creating. You can later change this name in the Settings section of the properties window of the created task.
After the Rule Creation Wizard completes its operation, the new rule is created and displayed in the Specify rules for installing updates field of the Add Task Wizard.
To create a new rule for updates of Microsoft applications:
On the Settings page of the Add Task Wizard, click the Add button.
The Rule Creation Wizard starts. Follow the steps of the Wizard.
On the Rule type page, select Rule for Windows Update.
On the General criteria page, specify the following settings:
Select the updates that must be installed on client devices:
Install approved updates only. This installs only approved updates.
Install all updates (except declined). This installs updates with the Approved or Undefined approval status.
Install all updates (including declined). This installs all updates, regardless of their approval status. Select this option with caution. For example, use this option if you want to check installation of some declined updates in a test infrastructure.
Sometimes software updates may impair the user experience with the software. In such cases, you may decide to install only those updates that are critical for the software operation and to skip other updates.
If this option is enabled, the updates fix only those vulnerabilities for which the severity level set by Kaspersky is equal to or higher than the value selected in the list (Medium, High, or Critical). Vulnerabilities with a severity level lower than the selected value are not fixed.
If this option is disabled, the updates fix all vulnerabilities regardless of their severity level.
Sometimes software updates may impair the user experience with the software. In such cases, you may decide to install only those updates that are critical for the software operation and to skip other updates.
If this option is enabled, the updates fix only those vulnerabilities for which the severity level set by Microsoft Security Response Center (MSRC) is equal to or higher than the value selected in the list (Low, Medium, High, or Critical). Vulnerabilities with a severity level lower than the selected value are not fixed.
If this option is disabled, the updates fix all vulnerabilities regardless of their severity level.
By default, this option is disabled.
On the Applications page, select the applications and application versions for which you want to install updates. By default, all applications are selected.
On the Categories of updates page, select the categories of updates to be installed. These categories are the same as in Microsoft Update Catalog. By default, all categories are selected.
On the Name page, specify the name for the rule that you are creating. You can later change this name in the Settings section of the properties window of the created task.
After the Wizard completes its operation, the new rule is created and displayed in the Specify rules for installing updates field of the Add Task Wizard.
To create a new rule for updates of third-party applications:
On the Settings page of the Add Task Wizard, click the Add button.
The Rule Creation Wizard starts. Follow the steps of the Wizard.
On the Rule type page, select Rule for third-party updates.
On the General criteria page, specify the following settings:
Select the updates that must be installed on client devices:
Install approved updates only. This installs only approved updates.
Install all updates (except declined). This installs updates with the Approved or Undefined approval status.
Install all updates (including declined). This installs all updates, regardless of their approval status. Select this option with caution. For example, use this option if you want to check installation of some declined updates in a test infrastructure.
Sometimes software updates may impair the user experience with the software. In such cases, you may decide to install only those updates that are critical for the software operation and to skip other updates.
If this option is enabled, the updates fix only those vulnerabilities for which the severity level set by Kaspersky is equal to or higher than the value selected in the list (Medium, High, or Critical). Vulnerabilities with a severity level lower than the selected value are not fixed.
If this option is disabled, the updates fix all vulnerabilities regardless of their severity level.
By default, this option is disabled.
On the Applications page, select the applications and application versions for which you want to install updates. By default, all applications are selected.
On the Name page, specify the name for the rule that you are creating. You can later change this name in the Settings section of the properties window of the created task.
After the Wizard completes its operation, the new rule is created and displayed in the Specify rules for installing updates field of the Add Task Wizard.