In Malwarebytes OneView, you can use the Vulnerability and Patch Management module to install updates on software applications such as Adobe Acrobat, Mozilla Firefox and Zoom. For a full list of supported applications, see Supported Vulnerability and Patch Management applications in OneView.
Software applications are updated frequently to resolve critical bugs or patch exploits, so it is important to keep scanning your endpoint's software for available updates. For more information, see Configure Vulnerability and Patch Management in OneView.
There are three options to update software:
- Scheduled software updates
- Patch Management page
- Endpoints page inventory tab
- Endpoint details inventory tab
- Endpoints page
Scheduled software updates
A scheduled software update is configured in your OneView console and automatically schedules updates to an outdated software applications on an endpoint. Schedules apply to all Windows endpoints and outdated software found at the time the schedule is run.
To create a schedule:
- On the left navigation menu, click Configure > Schedules.
- In the upper-right, click Add schedule
.
- Enter a schedule name and choose Install Software Updates for Type.
- Optionally, specify which supported third-party applications to update or exclude from updating.
- Configure endpoint reboot settings with the options in the table below.
- Optionally, customize a deployment message and select the duration before the third-party application automatically updates.
- In the Schedule groups tab, choose Global (All sites) or select a site.
- Select available groups from the selected sites to scan.
- On the Schedule frequency tab, set the frequency, start date, and start time.
- Toggle on Run missed scans as soon as possible to allow the schedule to run if the endpoint was offline during the configured schedule time.
- Click Save.
Watch the video below to see how to schedule software updates in OneView.
Reboot settings
Setting | Description |
Don't reboot servers |
Prevent servers from rebooting after a software update. |
Use existing reboot settings | Follow the policy's reboot settings. |
Override existing reboot settings | Override the policy reboot settings and customize the following settings: |
Message to display when a reboot is required | The message displayed to users if a software update requires a reboot. |
Reboot automatically after | The time before the endpoint automatically reboots. |
Allow end user to postpone reboot |
Allows the end user to postpone the reboot for 10, 30, or 60 minutes. |
Note: A user can continue to postpone a reboot indefinitely unless the reboot delay time is reached. Subsequent popups will wait for 1 minute for additional postponement otherwise the endpoint will reboot. If a user postpones a reboot, the Events screen shows an Audit event.
Patch Management page
Navigate to the Patch Management page to view available software updates across your managed sites and endpoints. Use this page to manually apply patches to endpoints if they are outside of patch schedule time frames or if critical patches are required.
- On the left navigation menu, click Manage > Patch Management.
- On the Software Update tab, select all or check specific boxes for software patches you want to install.
- In the top right corner, click Update Software
.
- In the confirmation window, click Update.
Software update information
View the following information for each available software update:
Column | Description |
Application | Name of the application requiring an update. |
Application version | Application information of the installed version. |
CVE count | Number of CVE's available to update. |
Endpoint | Host name of the endpoint. |
Installed date | Date the update was installed on the endpoint. |
Identified date | Date the available update was detected on the endpoint. |
Sites | Site name assigned to the endpoint with the available update. |
Vendor | Vendor name of the software requiring a patch update. |
Update available | Current software version available to install on the endpoint. |
Filter available updates
The Software Inventory table helps you manage the available information pulled from your endpoints. Use filters within this table to sort your patching information into specified results.
Customize data in the results list in the following ways:
- Reset filters: In the upper-right corner of the page, click Reset filters
to go back to the default filter settings.
- Add / Remove Columns: In the top-right of the table, click Add / Remove Columns to customize the table columns.
- Column pinning and auto-sizing: Next to a column header, click the filter
button to display a checkbox list of different sub-filters you can apply. Click the filter
tab to pin or auto size for the selected column.
- Right-click menu: In the table, click and drag to select and highlight a section of the table. Right-click on your selected information to copy or export a .csv or an .xlsx file.
Export data
Download all update and patching information to your local machine for auditing purposes or external reporting.
- Select all or check specific boxes for the rows you want to export.
- At the top-right of the Software Inventory page, click the ellipsis icon
.
- Click Download .csv or Download .xlsx to export your data.
Endpoints page inventory tab
The Inventory tab provides an overview of all installed software across your environment. Use this tab to filter through installed software for sites and endpoints to identify applications requiring updates.
TIP - The Software Update option is only enabled if the installed agent determines there is an update available.
To install an update:
- Filter using the Update available column to identify software with updates available.
- Select all or check specific boxes for applications on endpoints you wish to update.
- At the top-right of the Software Inventory page, click Update Software
.
- In the confirmation window, click Update.
Endpoint details inventory tab
Individual endpoints have a details page which includes the Inventory tab. This tab displays all available software updates for installed applications on the selected endpoint. This tab is useful if a specific endpoint requires multiple software application updates and you want to patch a single machine.
To locate the Inventory tab:
- On the left navigation menu, click Manage > Endpoints.
- Click an endpoint name to view the endpoint's properties.
- Click Inventory, then filter with the Update available column.
To install an update:
- Select all or check specific boxes for applications on endpoints you wish to update.
- At the top-right of the Software Inventory page, click Update Software.
- In the confirmation window, click Update.
Endpoints page
On the Endpoints page, add a new column to see how many available patches there are for each endpoint. The following column is available:
- Available patches: Shows the number of available OS patches and 3rd-party software updates. Click the value to go to the Patch Management page filtered by the selected endpoint.
Return to Vulnerability and Patch Management guide for OneView.