Patch Scan
• 4 min to read •
Syxsense software scans devices for the need for specific patches for both operating systems and third-party software and checks if devices have superseding or newer patches.
It also assesses your device's health based on the CVSS score associated with each missing patch for both OS and third-party apps so that you can prioritize patching relatively to your exposed risk. Patch details are represented in the Patch Summary.
|
Important Information It's always recommended to scan for 'All Patches', rather than leave detection gaps. Patch scans can take 2-5 minutes or longer to complete, we recommend scanning all devices every day. The information about the patch is provided from the vendor except for the CVSS score which is an independent severity scoring system. The Device Status Breakdown area includes dynamic functions to allow you to scan or deploy these patches easily. |
|
Prerequisites Discovery task and Patch Manager permissions An online device |
Video Tutorial: How to Create Weekly Patch ScanVideo Tutorial: How to Create Weekly Patch Scan
Watch an example of this task Video
| ❶ |
Create: From the Tasks menu click  |
| ❷ |
Where: Select which devices to scan using either Predefined Device Queries, User Defined Device Queries, Device Groups, Specific Devices & Active Directory Targets, or All Devices > Click 'Next'. Although groups and queries can be used, we recommend scanning every device. |
| ❸ |
What: Select the patches you wish to scan for using either Predefined Patch Queries, Custom Patch Queries, Patch Group, Specific Patches, or All Patches > Click 'Next'. Although groups and queries can be used, we recommend scanning for everything. |
| ❹ |
When: Select when you would like your scan to run > Click 'Next'. You may configure a Maintenance Windows during which the scan will be completed, a repeat interval such as 'repeat every Monday' for unsuccessful devices, and the Protect option to ensure the task is not running during important business hours. It's strongly recommended to create a recurring Patch Scan Task with Maintenance Windows. The recommendation is to scan all devices on a perpetual basis; the maintenance window provides this level of recurrence with a set task duration. |
| ❺ |
Summary: Review the settings of the task and if configured correctly, click 'Run Now' to save and run the task. |
> Click 'Patch Scan'TroubleshootingTroubleshooting
The list below will highlight some of the possible result statements with resolution.
| Issue/Result Statement | Reason/Resolution |
| 'Not Connected' | The device has a MicroAgent already installed, and it is not responding. The device is offline/not connected to the network. |
| 'Partial success' | The device started the Patch Scan and completed a scan of some of the updates; however, the device could not complete the task. |
| 'Target device disconnected' | The device started the Patch Scan but disconnected at any point in the task. Typically shown if target device disconnected before any updates were scanned. |
| 'Lost Connection' | The device started the Patch Scan but disconnected at any point in the task. Typically shown if the target device disconnected before any updates were scanned. |
| 'Not enough free disk space' | The device does not have enough disk space to download the content. Ensure target device has enough disk space and re-attempt deployment task. |
| 'Thread Being Aborted' or any other 'ErrorCode' | The device likely has existing security software that does not trust Syxsense. 3rd party software must be populated with exclusions to trust this solution. |
Ready to deploy updates? The Patch Deploy task will scan for all updates chosen and deploy only those that are required.
Last Update: Mar 12, 2024
Copyright ©2024 by Syxsense, Inc. All Rights Reserved