Scenario: Updating third-party software
Oct 23, 2023
This section provides a scenario for updating third-party software installed on the client devices. The third-party software includes applications from Microsoft and other software vendors. Updates for Microsoft applications are provided by the Windows Update service.
Updating third-party software proceeds in stages:
- Searching for required updates
To find the third-party software updates required for the managed devices, run the Find vulnerabilities and required updates task. When this task is complete, Kaspersky Security Center Cloud Console receives the lists of detected vulnerabilities and required updates for the third-party software installed on the devices that you specified in the task properties.
The Find vulnerabilities and required updates task is created automatically by the Administration Server quick start wizard. If you did not run the wizard, create the task or run the quick start wizard now.
- Analyzing the list of found updates
View the Software updates list and decide which updates you want to install. To view detailed information about each update, click the update name in the list. For each update in the list, you can view the statistics about the update installation on managed devices. For example, you can view the number of devices on which the selected update is not installed, will be installed, or on which the update installation has failed.
How-to instructions: Viewing information about available third-party software updates
- Configuring installation of updates
When Kaspersky Security Center Cloud Console received the list of the third-party software updates, you can install them on client devices by using the Install required updates and fix vulnerabilities task or the Install Windows Update updates task. Create one of these tasks. You can create these tasks on the Tasks tab or by using the Software updates list.
The Install required updates and fix vulnerabilities task is used to install updates for Microsoft applications, including the updates provided by the Windows Update service, and updates of other vendors' products.
The Install Windows Update updates task can be used to install Windows Update updates only.
The software update installation tasks have a number of limitations. These limitations depend on the license under which you are using Kaspersky Security Center Cloud Console and on the mode in which Kaspersky Security Center Cloud Console is working.
To install some software updates you must accept the End User License Agreement (EULA) for the installation software. If you decline the EULA, the software update will not be installed.
- Scheduling the tasks
To be sure that the update list is always up-to-date, schedule the Find vulnerabilities and required updates task to run the task automatically from time to time. The default frequency is once a week.
If you have created the Install required updates and fix vulnerabilities task, you can schedule it to run with the same frequency as the Find vulnerabilities and required updates task or less often. When scheduling the Install Windows Update updates task, note that for this task you must define the list of updates every time before starting this task.
When scheduling the tasks, make sure that a task to fix vulnerability starts after the Find vulnerabilities and required updates task is complete.
How-to instructions: General task settings
- Approving and declining software updates (optional)
If you have created the Install required updates and fix vulnerabilities task, you can specify rules for update installation in the task properties. If you have created the Install Windows Update updates task, skip this step.
For each rule, you can define the updates to install depending on the update status: Undefined, Approved or Declined. For example, you may want to create a specific task for servers and set a rule for this task to allow installation of only Windows Update updates and only those ones that have Approved status. After that you manually set the Approved status for those updates that you want to install. In this case the Windows Update updates that have the Undefined or Declined status will not be installed on the servers that you specified in the task.
By default, the downloaded software updates have the Undefined status. You can change the status to Approved or Declined in the Software updates list (Operations → Patch management → Software updates).
How-to instructions: Approving and declining third-party software updates
- Running an update installation task
Start the Install required updates and fix vulnerabilities task or the Install Windows Update updates task. When you start these tasks, updates are downloaded and installed on managed devices. After the task is complete, make sure that it has the Completed successfully status in the task list.
How-to instructions: Starting a task manually
- Create the report on results of update installation of third-party software (optional)
To make sure that the task is created and the updates are installed, create the Report on results of installation of third-party software updates and view detailed statistics on the update installation in this report.
How-to instructions: Generating and viewing a report