To create a Patch policy, follow these steps for each type of patch:
1. From the System Management page, click the Create Policy button.
2. From the Create Policy page, click the type of policy you want to create. The options are:
- Patch All
- Patch All Except
- Patch Only
- Manually Approve
- By Severity
- Advanced Policy
3. In the Policy Info section, configure the following:
- In the Name field, enter a name for the policy.
- In the Notes field, enter any notes if required.
- Toggle the Policy Status to On or Off. This enables or disables patching. If you want to pause patching, select Off.
- Toggle the Automatic Reboot switch. Automatic Reboot restarts the machine if a reboot is required to complete patching. Select No if you do not want the device to reboot after patching.
4. The Policy Scope area differs for each policy type.
- Patch All: This policy is applied to all supported software. This includes all operating system patches and supported third-party software. (From the Dashboard, you can view the details of this patch by selecting Pending Updates.)
- Patch All Except: For this type of policy, you can select all packages that you do not want patched. Use the search and filter options to find these packages. Select each package that you want to exclude from the patch. Your selections appear on the right as items that will not be patched.
- Patch Only: For this type of policy, you can select all packages that you want patched. Use the search and filter options to find these packages. Select each package that you want to include in the patch. Your selections appear on the right as the only items that will be patched.
- Manually Approve: For this type of policy, the scope area remains empty until the policy is associated with a device or group of devices. See Enabling Manual Approval.
- By Severity: For this type of policy, you can select the severity levels you want included in the patch update: Low, Medium, Critical, or Other. You can select multiple severities. The severity levels are defined by the CVE score.
5. For Schedule, set the months, weeks, days, and time that the patch will run on the device(s). A calendar preview is provided next to your selection. Selected days, weeks, and months are indicated in blue while dates that do not have a scheduled patching window are shown in black.
6. (Optional) Mark the Notifications check box to notify users about a pending patch update. The Policy Status must be On.
7. (Optional) To assign this policy to an existing group, in the Assigned Groups area click the plus icon and select the desired group(s). Click Assign Groups.
NOTE: The policy must be created before adding a new group. If you select Add Group before creating the policy, any entries made will not be saved.
8. Click Create Policy.