In OneView, you can apply operating system updates for Windows using the Vulnerability and Patch Management module. Security updates are often available through operating system patches, so it is important to keep scanning your endpoints for available updates.
TIP - Keep the operating system patch information in OneView accurate by running or scheduling an Inventory & Vulnerability scan. This will ensure that any OS patches you install from OneView are the latest. For more information, see Enable Vulnerability and Patch Management in OneView.
Scheduled patches
A scheduled patch update is configured in your OneView console and automatically schedules updates to an endpoint with outdated operating system services. Schedules apply to all Windows operating system patches found at the time the schedule is run.
- On the left navigation menu, click Configure > Schedules.
- In the upper-right, click Add schedule.
- Enter a schedule name and choose Install OS Patches for Type.
- Optionally, filter which operating system patches install based on category and severity.
- Configure OS patch settings with the options in the Patch settings table below.
- Click Add another to include filters for un-selected categories.
- In the Schedule groups tab, choose Global (All sites) or select a site.
- Select available groups from the selected sites to scan.
- On the Schedule frequency tab, set the frequency, start date, and start time.
- Toggle on Run missed scans as soon as possible to allow the schedule to run if the endpoint was offline during the configured schedule time.
- Click Save.
Patch Categories
Patch categories are defined using Windows standardized terminology for operating system services.
Category | Definition |
Critical Update | A broadly released fix for a specific problem addressing a critical, non-security-related bug. |
Definition Update | A broadly-released and frequent software update containing additions to a product's definition database. Definition databases often detect objects with specific attributes, such as malicious code, phishing Web sites, or junk e-mail. |
Driver | A software component necessary to control or regulate another device. |
Feature Pack | New product functionality that is first distributed outside the context of a product release and usually included in the next full product release. |
Security Update | A broadly released fix for a product-specific security-related vulnerability. |
Service Pack | A tested, cumulative set of all hotfixes, security updates, critical updates and updates, as well as additional fixes for problems found internally since the release of the product. |
Update | A broadly released fix for a specific problem addressing a noncritical, non-security-related bug. |
Update Rollup | A tested, cumulative set of hotfixes, security updates, critical updates, and updates packaged together for easy deployment. |
Upgrade | A new product release that brings a device to the next version, containing bug fixes, design changes, and new features. |
OS Patch settings
Setting | Description |
Don't reboot servers | Prevent servers from rebooting after an operating system patch. |
Use existing reboot settings | Follow the policy reboot settings. |
Override existing reboot settings | Override the policy and customize the reboot settings. |
Message displayed for required reboot | The message displayed to users if an operating system patch requires a reboot. |
Reboot automatically after | The time before the endpoint automatically reboots. |
Enable pre-deployment message | Allow users to see a custom message before the update is deployed. |
Message to display prior to deployment | The message displayed to users before the update is deployed. |
Delay deployment | The time before the patch is installed. |
Note: A user can postpone a reboot indefinitely unless the reboot delay time is reached. Subsequent popups will wait 1 minute for additional postponement; otherwise, the endpoint will reboot. If a user postpones a reboot, the Events screen shows an Audit event.
Patch Management page
Navigate to the Patch Management page to view available system updates across your managed sites and endpoints. Use this page to manually apply these updates to endpoints if they are outside of scheduled time frames or if critical fixes are required.
- On the left navigation menu, click Manage > Patch Management.
- On the OS Patch tab, select all or check specific boxes for system patches you want to install.
- In the top right corner, click the Apply patch icon.
- In the confirmation window, click Install.
After the OS patch is complete, the patch is removed from the Patch Management page with the next scheduled Inventory & Vulnerability scan. You can also manually update the Patch Management page by issuing an Inventory & Vulnerability scan task from the Endpoints page.
Patch information
The following information is displayed for available system updates across endpoints:
Column | Description |
Application | The name of the application. |
Category | Type of patch available to install on the endpoint. |
Description | Description of the patch, with directions on how to resolve the patch issue. |
Domain name | The corresponding domain of the endpoint. |
Endpoint | Host name of the endpoint. |
Identified date | Date the available patch was detected on the endpoint. |
KB ID | Knowledge base ID of the patch. |
Patch | Name of the available patch. |
Reboot required | Requirement of a reboot to complete installation of the patch. |
Severity | Severity level of the patch. |
Site | Site name assigned to the endpoint with the available patch. |
Size | File size of the available patch. |
Vendor | Vendor name of the software requiring a patch update. |
Filter available patches
The Patch Management table helps you manage the available information pulled from your endpoints. Use filters within this table to sort your patching information into specified results.
Customize patch data in the table using the following options:
- Reset filters: In the upper-right corner of the page, click Reset filters to go back to the default filter settings.
- Add / Remove Columns: In the top-right of the table, click Add / Remove Columns to customize the table columns.
- Column pinning and auto-sizing: Next to a column header, click the filter button to display a checkbox list of different sub-filters you can apply. Click the filter tab to pin or auto-size the selected column.
- Right-click menu: In the table, click and drag to select and highlight a table section. Right-click on your selected information to copy or export a .csv or a .xlsx file.
Export data
Download all patch information to your local machine for auditing or external reporting.
- Select all or check specific boxes for the rows you want to export.
- At the top-right of the Patch Management page, click the ellipsis icon.
- Click Download .csv or Download .xlsx to export your data.
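An exported .csv can be checked offline for security-bearing patches that have stayed uninstalled too long. The following is an added example, not part of the OneView documentation: the column names mirror the Patch information table, while the exact header spelling, the date format, the Yes/No values and the 30-day threshold are assumptions to adjust to your own export.

```python
import csv
import io
from collections import defaultdict
from datetime import date, datetime

# Constructed sample export. Column names follow the Patch information table;
# header spelling, ISO dates, Yes/No values and the KB IDs are assumptions.
SAMPLE_EXPORT = """\
Endpoint,Site,Category,KB ID,Patch,Identified date,Reboot required
WS-001,HQ,Security Update,KB0000001,Sample security update,2024-01-05,Yes
WS-001,HQ,Definition Update,KB0000002,Sample definition update,2024-02-20,No
SRV-010,HQ,Security Update,KB0000003,Sample security update,2024-02-25,Yes
SRV-010,HQ,Update Rollup,KB0000004,Sample rollup,2023-12-01,Yes
WS-207,Branch,Driver,KB0000005,Sample driver,2023-11-15,No
"""

# Categories whose definitions in the Patch Categories table include security fixes.
SECURITY_CATEGORIES = {"Security Update", "Update Rollup", "Service Pack"}


def overdue_security_patches(csv_text, today, max_age_days=30):
    """Return {endpoint: [patch, ...]} for security-bearing patches that have
    been available for more than max_age_days, oldest first."""
    overdue = defaultdict(list)
    for row in csv.DictReader(io.StringIO(csv_text)):
        if row["Category"].strip() not in SECURITY_CATEGORIES:
            continue
        found = datetime.strptime(row["Identified date"].strip(), "%Y-%m-%d").date()
        age = (today - found).days
        if age > max_age_days:
            overdue[row["Endpoint"].strip()].append({
                "kb": row["KB ID"].strip(), "category": row["Category"].strip(),
                "age_days": age,
                "reboot": row["Reboot required"].strip().lower() == "yes",
            })
    for patches in overdue.values():
        patches.sort(key=lambda p: p["age_days"], reverse=True)
    return dict(overdue)


def endpoints_needing_reboot_window(overdue):
    """Endpoints with at least one overdue patch that requires a reboot."""
    return sorted(ep for ep, ps in overdue.items() if any(p["reboot"] for p in ps))


if __name__ == "__main__":
    report = overdue_security_patches(SAMPLE_EXPORT, today=date(2024, 3, 1))
    for endpoint, patches in sorted(report.items()):
        print(endpoint, [(p["kb"], p["age_days"]) for p in patches])
    print("Plan a reboot window for:", endpoints_needing_reboot_window(report))
```

Endpoints flagged by the second function are the ones where the reboot options in the OS Patch settings table matter most when you schedule the install.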
Endpoints page
On the Endpoints page, add a new column to see how many available patches there are for each endpoint. The following column is available:
- Available patches: Shows the number of available OS patches and 3rd-party software updates. Click the value to go to the endpoint's Update tab.
To apply a system patch:
- Select all or check specific boxes for system patches you want to install.
- In the top right corner, click Apply Patch.
- In the confirmation window, click Install.