Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 25 Next »

CS-Video.pnghttps://youtu.be/hZ-yjR08lWI

May 21st, 2024 - ConnectSecure has ceased application patching support for Microsoft Edge in our patching process. Due to many reported issues of Edge crashing after upgrades, we have decided to discontinue support for patching this application. ConnectSecure will still identify vulnerabilities.

Patch Management works only with lightweight agents and is found only at the company level.

Consider adding in ‘connectsecurepatch.exe’ if you plan to use the Patch Management feature included with the ConnectSecure agent.

Our patch agent retrieves the necessary packages from the official website, so the remote asset we patch must have access to download these packages. 

Additionally, the patch agent initiates OS patching by triggering the Windows Update Manager to apply the respective security updates listed in the portal. We can also control whether the system can be rebooted after successful patching.

Check out our Patch Management Guide

Patch Management functions work for patches of Application (3rd Party) and OS (Operating System).

image-20240404-150730.png

When using the ConnectSecure Patch engine to update the application, we perform a thorough verification process before deploying any patches or updates. This includes checking the file hashes to ensure the integrity and authenticity of the downloaded files.


Patch Management - Table of Contents


Patch Management - Overview

Check out our Patch Management Guide

ConnectSecure Patch Management allows you to install 3rd party software and operating system-level patches in two ways.

  1. Manually from the Patch Management screen.

  2. Automatically based on the Patch Scheduler configuration.

Lightweight Agent is required for patching; Probe agent patching is a work in progress.

Access Roles
The list of Access roles to be provided for Patch Management.

To patch an application, please ensure that ADMIN or ASSETWRITER roles are assigned.

Roles

Patch Management

ADMIN

Yes

PIIVIEWER

No

PIIWRITER

No

APPROVER

No

ASSETVIEWER

No

ASSETWRITER

Yes

VULNERABILITYVIEWER

No

VULNERABILITYWRITER

No

COMPLIANCEVIEWER

No

COMPLIANCEWRITER

No

ACTIVEDIRECTORYVIEWER

No

ACTIVEDIRECTORYWRITER

No

The patch management module has three main sections: Application Patching, OS Patching, and Patch Jobs.

image-20240311-143019.png

Patch Management - Details

NOTE: This list will be updated occasionally as the private repository is updated.

Application Patching

To view the list of software that needs to be patched, please check the table and review the details provided.

image-20240404-151427.png

Field

Description

Software Name

Displays the name of the software that requires patching

Software Version

Displays the version number of the software

Fix Version

Displays a hyperlink to the recommended fix

Affected OS

Displays the affected operating system name

Assets

Displays a hyperlink to the count of assets affected

Action

The three-dot action menu provides a manual ‘Patch’ button


Manual Application Patching

Tap the three-dot Action menu to apply an available application patch, then choose Patch Now or Patch Later option.

image-20241004-140946.png

Patch Later option lets you set a later date and time to patch

image-20241004-141032.png

Otherwise, Patch Now will run the selected patch and asset(s) immediately.

image-20240404-151606.png

3rd Party - Application Patching does not reboot machines; there is no option to do this.


Automatic Application Patching

See the Patch Scheduler found at the Company or Global level.


OS Patching

To view the list of OS patches that need to be installed, please check the table and review the details provided.

image-20241008-200653.png

Manual OS Patching

Tap on the OS Patching tab, then use the three-dot Action menu to select Patch on any available records.

image-20241008-200728.png

You will be prompted to select the patch installation's machine(s) and reboot settings.

image-20240404-152057.png

ConnectSecure is passing the flag for reboot to the Microsoft Update Manager, so Microsoft will show prompts for the force to reboot.


Automatic OS Patching

See the Patch Scheduler found at the Company or Global level.


Patch Jobs

  • For Agent Offline assets, the job will be picked up once the agent comes online within 24 hours.

(Agent will monitor the agent status for 24 hours, if agent comes online it will pick up the patch job.

  • This behavior will be seen for manual and scheduled patching jobs.

  • If the agent is still offline after 24 hours, the job will state as failed.

We have added additional information when a patch is failing.  We now display download URL and Request Time in error log, when patch fails because of download restriction.   This will help you troubleshoot the reason for patch failure and also open/whitelist any URL's required.

We have a local patch log file on the remote agent machine located here:

C:\Program Files (x86)\CyberCNSAgent\logs\cyberpatch.log

View the patch job details and sort on the columns.

image-20241008-200841.png

Tap on the Created or Updated date fields to see additional patch job details, including the Asset Name, Status, From Version, and To Version values.

image-20240209-210753.pngimage-20240209-210836.png

Patch Job Failures

If you see FAILED under the Job Status for patching, tap on the Created date and time column to view additional details that can help with resolution.

image-20240404-153847.pngimage-20240404-153858.png

Please send any issues to our Support Team if you need help by emailing support@connectsecure.com


Patch Management - Action Toolbar Overview

The standard Alerts menu is available from the side navigation toolbar.

image-20240404-153209.png

Patch Management - Action Toolbar Actions

Alerts

Tap to view the System Events timeline-style alerts.

image-20240404-153234.png

Need Support?

Contact our support team by sending an email to support@connectsecure.com or by visiting our Partner Portal, where you can create, view, and manage your tickets.

https://cybercns.freshdesk.com/en/support/login

image-20240206-144508.png

  • No labels