Once you subscribe to Vulnerability and Patch Management, you must configure the module to scan for threat weaknesses and secure your endpoints.
Below is a table of supported operating systems for each module:
Module | Windows | Windows Server | macOS |
Vulnerability Assessment | ✓ | ✓ | ✓ |
Patch Management | ✓ | ✓ | ✓* |
* Operating system patching is only available for Windows. Patch Management for macOS allows for updating 3rd-party software.
Enable policy settings
TIP - The Installed software on the endpoints setting under Events to report on is required to scan for patches.
- On the left navigation menu, click Configure > Policies.
- Create a new policy or select an existing policy.
- Click the Software management tab.
- Select Allow scanning for known vulnerabilities in installed software for Windows or Mac endpoints.
- Select Allow updating software inventory and applying available OS patches for endpoints for Windows or Mac endpoints.
- Configure patch management options in the table below.
- Click Save.
Patch management options
Setting | Description |
Disable Windows automatic updates for OS patches | This disables Windows automatic updates and allows Patch Management to control when OS patches are installed. |
Show deployment progress from the ThreatDown icon | Provides the ability to check deployment progress on the endpoint. Hover over the ThreatDown icon in the system tray to view the current deployment progress. |
Force close software for updates | Allow the endpoint agent to close software so 3rd-party applications can be updated. |
Force close time limit | Select the time limit after which applications will be closed to install updates. Customize a message to inform your users before the software is closed. |
Force close reminder frequency | Select how frequently users are reminded the software needs to be closed in order to perform updates. |
Scan for vulnerabilities or patches
Scanning your endpoints is how the endpoint agent identifies threat exposures or available updates across your environment. Once you purchase the module, all previous Inventory scans are automatically updated to the Inventory & Vulnerability scan options. These scans can be run on demand from the endpoints page and configured as scheduled scans in your OneView console. For more scan information, see Scheduled scans in OneView.
NOTICE - Running Inventory & Vulnerability scans on endpoints is expected to use up to 350MB of memory and 25-50% of the CPU. We recommend running this scan on endpoints during off hours for users. For our minimum hardware requirements, see System requirements for OneView.