Once you subscribe to Vulnerability and Patch Management, you must configure the module to scan for threat weaknesses and secure your endpoints.
Below is a table of supported operating systems for each module:
| Module | Windows | Windows Server | macOS |
| Vulnerability Assessment | ✓ | ✓ | ✓ |
| Patch Management | ✓ | ✓ |
Configure Vulnerability and Patch Management
- On the left navigation menu, click Configure > Policies.
- Create a new policy or select an existing policy.
- Click the Software management tab.
- Check mark Allow scanning for known vulnerabilities in installed software for Windows or Mac endpoints.
- Check mark Allow updating software inventory and applying available OS patches for endpoints for Windows endpoints.
- Check mark Show deployment progress for the ability to check deployment progress on a Windows endpoint. Hover over the Malwarebytes Endpoint Agent in the system tray to view the current deployment progress.
- Click Save.
Note: The Installed software on the endpoints setting under Events to report on is required to scan for vulnerabilities and available patches.
Scan for vulnerabilities or patches
Scanning your endpoints is how the endpoint agent identifies threat exposures or available updates across your environment. Once you purchase the module, all previous Inventory scans are automatically updated to the Inventory & Vulnerability scan options. This is available to run on-demand from the endpoints page and configurable for scheduled scans in your OneView console. For more scan information, see Scheduled scans in Malwarebytes OneView.
NOTICE - Running Inventory & Vulnerability scans on endpoints is expected to use up to 350MB of memory and 25-50% of the CPU. We recommend running this scan on endpoints during off hours for users. For our minimum hardware requirements, see System requirements for Malwarebytes OneView.
Return to Vulnerability and Patch Management guide for OneView.