Creating the Fix vulnerabilities task

Support

Support for business applications

Kaspersky Security Center 15 Linux

Managing applications and executable files on client devices

Fixing third-party software vulnerabilities

Creating the Fix vulnerabilities task

July 1, 2024

ID 201980

Save as PDF

Expand all | Collapse all

The Fix vulnerabilities task allows you to fix software vulnerabilities on managed devices. You can fix software vulnerabilities in third-party software, including Microsoft software.

You can create the Fix vulnerabilities task only for Windows devices. You cannot create this task for devices running on other operating systems.

You can create a new Fix vulnerabilities task only if you have the Vulnerability and patch management license.

If you have the Vulnerability and patch management license, you cannot create new tasks of the Fix vulnerabilities type. To fix new vulnerabilities, you can add them to an existing Fix vulnerabilities task. However, we recommend that you use the Install required updates and fix vulnerabilities task instead of the Fix vulnerabilities task. The Install required updates and fix vulnerabilities task enables you to install multiple updates and fix multiple vulnerabilities automatically, according to the rules that you define.

A user interaction may be required when you update a third-party application or fix a vulnerability in a third-party application on a managed device. For example, the user may be prompted to close the third-party application if it is currently open.

To create the Fix vulnerabilities task:

In the main menu, go to Assets (Devices) → Tasks.
Alternatively, you can create this task in the device properties window on the Tasks tab.
Click Add.
The New task wizard starts. Proceed through the wizard by using the Next button.
In the Application drop-down list, select Kaspersky Security Center.
In the Task type list, select the Fix vulnerabilities task type.
In the Task name field, specify the name of the new task.
A task name cannot be more than 100 characters long and cannot include any special characters ("*<>?\:|).
Select the devices to which the task will be assigned.
Go to the next step of the wizard.
Click the Add button.
The list of vulnerabilities opens.
In the list of vulnerabilities, select the check boxes next to the vulnerabilities you want to fix, and then click the OK button.
Microsoft software vulnerabilities usually have recommended fixes. No additional actions are required for them.

For vulnerabilities in software from other vendors, you first need to specify a user fix for each vulnerability that you want to fix. After that, you will be able to add those vulnerabilities to the Fix vulnerabilities task.

Go to the next step of the wizard.
Specify the operating system restart settings:
- Do not restart the device
  Client devices are not restarted automatically after the operation. To complete the operation, you must restart a device (for example, manually or through a device management task). Information about the required restart is saved in the task results and in the device status. This option is suitable for tasks on servers and other devices where continuous operation is critical.
- Restart the device
  Client devices are always restarted automatically if a restart is required for completion of the operation. This option is useful for tasks on devices that provide for regular pauses in their operation (shutdown or restart).
- Prompt user for action
  The restart reminder is displayed on the screen of the client device, prompting the user to restart it manually. Some advanced settings can be defined for this option: text of the message for the user, the message display frequency, and the time interval after which a restart will be forced (without the user's confirmation). This option is most suitable for workstations where users must be able to select the most convenient time for a restart.
  
  By default, this option is selected.
- Repeat prompt every (min)
  If this option is enabled, the application prompts the user to restart the operating system with the specified frequency.
  
  By default, this option is enabled. The default interval is 5 minutes. Available values are between 1 and 1440 minutes.
  
  If this option is disabled, the prompt is displayed only once.
- Restart after (min)
  After prompting the user, the application forces restart of the operating system upon expiration of the specified time interval.
  
  By default, this option is enabled. The default delay is 30 minutes. Available values are between 1 and 1440 minutes.
- Force closure of applications in blocked sessions
  Running applications may prevent a restart of the client device. For example, if a document is being edited in a word processing application and is not saved, the application does not allow the device to restart.
  
  If this option is enabled, such applications on a locked device are forced to close before the device restart. As a result, users may lose their unsaved changes.
  
  If this option is disabled, a locked device is not restarted. The task status on this device states that a device restart is required. Users have to manually close all applications running on locked devices and restart these devices.
  
  By default, this option is disabled.
Go to the next step of the wizard.
Specify the account settings:
- Default account
  The task will be run under the same account as the application that performs this task.
  
  By default, this option is selected.
- Specify account
  Fill in the Account and Password fields to specify the details of an account under which the task is run. The account must have sufficient rights for this task.
- Account
  Account under which the task is run.
- Password
  Password of the account under which the task will be run.
At the Finish task creation step of the wizard, enable the Open task details when creation is complete option to modify the default task settings.
If you do not enable this option, the task is created with the default settings. You can modify the default settings later.
Click the Finish button.
The wizard creates the task. If you enabled the Open task details when creation is complete option, the task properties window automatically opens. In this window, you can specify the general task settings and, if required, change the settings specified during task creation.

You can also open the task properties window by clicking the name of the created task in the list of tasks.

The task is created, configured, and displayed in the list of tasks at Assets (Devices) → Tasks.
To run the task, select it in the task list, and then click the Start button.
You can also set a task start schedule on the Schedule tab of the task properties window.

For a detailed description of scheduled start settings, refer to the general task settings.

After the task is completed, the selected vulnerabilities are fixed.

Kaspersky Endpoint Security for Linux: High protection without performance compromising

Detects and blocks advanced threats. Buy as part of Endpoint Security for Business Advanced.

Kaspersky Premium Support (MSA): High‑priority incident processing

Telephone and web ticket support. Fast response, monitoring and health check. Submit a request and activate the contract (MSA).

Did you find this article helpful?

What can we do better?

Thank you for your feedback! You're helping us improve.