To create a Patch policy, follow these steps for each type of patch:
1. From the System Management page, click the Create Policy button.
2. From the Create Policy page, click the type of policy you want to create. The options are:
- Patch All
- Patch All Except
- Patch Only
- Manually Approve
- By Severity
- Advanced Policy (in beta)
3. In the Policy Info section, configure the following:
- In the Name field, enter a name for the policy.
- In the Notes field, enter any notes if required.
- Toggle the Policy Status to On or Off. This will enable or disable patching. If you want to pause patching, select Off.
- Toggle the Automatic Reboot switch. Automatic Reboot restarts the machine if a reboot is required to complete patching. Select No if you do not want the device to reboot after patching.
4. The Policy Scope area will differ for each policy type.
- Patch All: This policy will be applied to all supported software. This includes all operating system patches and supported third-party software. (From the Dashboard, you can view the details of this patch by selecting Pending Updates.)
- Patch All Except: For this type of policy, you can select all packages that you do not want patched. Use the search and filter options to find these packages. Mark the check box next to each package that you want to exclude from the patch. Your selections will appear on the right.
- Patch Only: For this type of policy, you can select all packages that you want patched. Use the search and filter options to find these packages. Mark the check box next to each package that you want to include in the patch. Your selections will appear on the right.
- Manually Approve: For this type of patch, the scope area remains empty until it is associated with a device or group of devices.
- By Severity: For this type of patch, you can select the severity level you want to have included in the patch update: Low, Medium, Critical, or Other. You can select multiple severities. The severity level are defined by the CVE score.
5. For Schedule, set the months, weeks, days, and time that the patch will run on the device(s). A calendar preview is provided next to your selection. Selected days, weeks, and months are indicated in blue while dates that do not have a scheduled patching window are shown in black.
6. (Optional) Mark the Notifications check box to notify users about a pending patch update. The Policy Status must be On.
7. (Optional) To assign this policy to a group, in the Assigned Groups area click the plus icon and select the desired group(s). Click Assign Groups.
8. Click Create Policy.