8.7 Updating Agent Content

When the UNIX or Windows security agent runs a security check or policy template that performs a patch assessment, such as the Security Patches Not Applied check, the agent uses the list of patches in the patch-level database to compare against patches found on the target endpoint. The AutoSync service provides monthly updates for the patch-level content to ensure that Secure Configuration Manager and the agents always audit with the latest security information. After downloading the latest patch database from the AutoSync server, you have three options for updating agents:

  • Update agents when you run a patch assessment security check

  • Schedule the agent updates

  • Manually update each agent

To view the downloaded and applied updates, click the Archived Updates tab in the AutoSync wizard. For more information, see Section 8.8.3, Viewing the History of an Archived Update. To identify which of the patch databases have been applied to which agents, run the Applied Patch Databases administrative report. For more information, see Section 1.5, Listing Reports, Actions, and Security Checks.

8.7.1 Updating Agent Content During a Security Check Run

If you enable the Push Patch Database option in the AutoSync settings, Secure Configuration Manager automatically updates the patch-level content on each Windows agent. Each time you run a security check or policy template that performs a patch assessment, Core Services checks whether the specified agent has the most recent patch-level content. If the agent does not have the latest version of the patch-level content, Core Services sends the content files to the agent with the security check or policy template.

The Push Patch Database option ensures that all security agents have the latest patch-level content without requiring you to schedule an update task or manually update each agent every month.

NOTE: Secure Configuration Manager can push content only to Windows agents.

To update agent content during a security check run:

  1. On the Tools menu, click AutoSync Wizard.

  2. Click Settings.

  3. Change the Push Patch Database To Agents option to Yes.

  4. Click OK.

  5. Close the AutoSync wizard.

  6. Regularly download and apply the latest patch databases, such as NetIQ Windows Agent Patch Database, from the AutoSync server.

8.7.2 Scheduling Agent Content Updates

You can run the Update Agent Content task on a scheduled basis to frequently and automatically update your agents. For optimum performance, run the task against groups of 30 to 50 agents at a time.

To schedule updates for agent content:

  1. Download and apply the latest patch database, such as NetIQ Windows Agent Patch Database, from the AutoSync server. For more information, see Section 8.6, Applying AutoSync Updates.

  2. In the tree pane, expand IT Assets > Managed Groups to display the group folder that contains the endpoints whose associated agents you want to update.

  3. (Optional) To schedule updates for the agent content for a group, select the group in the tree pane or content pane.

  4. (Optional) To schedule updates for the agent content for a single endpoint, select the associated group in the tree pane, and then select the endpoint in the content pane.

  5. On the right-click menu, click Update Agent Content.

  6. In the Run Task Suite wizard, click Schedule.

  7. In the Scheduled Task wizard, configure the schedule settings.

  8. Click OK, and then click Finish.

8.7.3 Manually Updating Agent Content

You can manually run the Update Agent Content task to update your agents. For example, you might add an agent to IT Assets and want to ensure that the agent has the latest patch-level content.

To manually update agent content:

  1. Download and apply the latest patch database, such as NetIQ Windows Agent Patch Database, from the AutoSync server. For more information, see Section 8.6, Applying AutoSync Updates.

  2. In the tree pane, expand IT Assets > Managed Groups to display the group folder that contains the endpoints whose associated agents you want to update.

  3. (Optional) To update the agent content for a group, select the group in the tree pane or content pane.

  4. (Optional) To update the agent content for a single endpoint, select the associated group in the tree pane, and then select the endpoint in the content pane.

  5. On the right-click menu, click Update Agent Content.

  6. When the wizard has finished updating the agent content, click Finish.

    When the update completes, Secure Configuration Manager stores the completed update job in Completed under Job Queues.