To create a Patch policy, follow these steps for each of the subcategories of patches:
1. From the System Management page, click Create Policy.
2. Click the type of policy you want to create. The options are:
- Patch All
- Patch All Except
- Patch Only
- Manually Approve
- By Severity
- Advanced Policy (in beta)
3. In the Policy Info area, configure the following:
- In the Name field, enter a name for the policy.
- In the Notes field, enter any notes if required.
- Toggle the Policy Status to On or Off. This will enable or disable patching. If you want to pause patching, select Off.
- Toggle the Automatic Reboot switch. Automatic Reboot restarts the machine if a reboot is required to complete patching. Select No if you do not want the device to reboot after patching.
4. The Policy Scope area will differ for each of the subcategory types of policies.
- Patch All: This policy will be applied to all supported software. This includes all operating system patches and supported third-party software. (From the Dashboard, you can view the details of this patch by selecting Pending Updates.)
- Patch All Except: For this type of policy, you can select all packages that you do not want patched. Use the search and filter options to find these packages. Mark the check box next to each package that you want to exclude from the patch. Your selections will appear on the right.
- Patch Only: For this type of policy, you can select all packages that you want patched. Use the search and filter options to find these packages. Mark the check box next to each package that you want to include in the patch. Your selections will appear on the right.
- Manually Approve: For this type of patch, the scope area remains empty until it is associated with a device or group of devices.
- By Severity: For this type of patch, you can select the severity level you want to have included in the patch update: Low, Medium, Critical, or Other. You can select multiple severities. The severity level are defined by the CVE score.
5. For Schedule, set the months, weeks, days, and time that the patch will run on the device(s). A calendar preview is provided next to your selection. Selected days, weeks, and months are indicated in blue while dates that do not have a scheduled patching window are shown in black.
6. (Optional) Mark the Notifications check box to notify users about a pending patch update. The Policy Status must be On.
7. (Optional) Assign this policy to a group by selecting the plus icon in the upper right of the page and selecting the desired group(s). Click Add Group. The group can also be newly created now or assigned later.
8. Click Create Policy.