
How Patch and Compliance scans and remediates

The table below describes how the Patch and Compliance security scanner searches for each type of security risk and the steps taken during remediation:

| When scanning for... | Patch and Compliance scans by... | and remediates by... |
| --- | --- | --- |
| LANDESK software updates | Using software update definitions published by LANDESK to check for the latest LANDESK software versions. | Installing the appropriate LANDESK software update. |
| Windows and Mac vulnerabilities | Using vulnerability definitions published by LANDESK (based on official security bulletins) to check for known operating system and/or application vulnerabilities. | Using a scheduled task or an autofix to deploy and install the required patch files. Patch files must already be downloaded to the local patch repository. |
| Mac vulnerabilities | Using vulnerability definitions published by LANDESK (based on official security bulletins) to check for known vulnerabilities. | Using a scheduled task or an autofix to deploy and install the required patch files. Patch files must already be downloaded to the local patch repository. |
| Linux/UNIX vulnerabilities | Using vulnerability definitions published by LANDESK (based on official security bulletins) to check for known vulnerabilities. | Using a scheduled task or an autofix to deploy and install the required patch files. Patch files must already be downloaded to the local patch repository. |
| Custom definitions | Using custom vulnerability definitions created by a LANDESK Administrator to check for user-defined platform, application, file, or registry setting conditions. | Deploying a custom patch or script that addresses the situation. You may have the remediation as part of the initial definition, or as a separate patch. |
| Security threats | Using security threat definitions published by LANDESK to check for local Windows system configuration errors and exposures. You can modify security threat definitions that use editable custom variables to check for specific conditions. | Applying the configuration settings specified by the security threat definition. Some security threats must be remediated manually at the affected device. To find out whether a security threat can be remediated from the console, view its Repairable column value (Yes or No) in the item list view. |
| Spyware | Using spyware detection definitions that check for instances of spyware programs on scanned devices. Patch and Compliance uses the LANDESK Software license monitoring tool's softmon.exe program to monitor for spyware. You can also enable real-time spyware monitoring and blocking with a device's agent configuration. | Removing the violating spyware application (as a repair task) or blocking the application when it tries to run. To enable real-time blocking, enable autofix and spyware blocking in the agent settings and set the spyware definitions to autofix. |
| Driver updates | Using third-party driver update definitions that check for driver versions. | Deploying and installing the appropriate third-party driver update. |
| Software updates | Using third-party software update definitions that check for software versions. | Deploying and installing the appropriate third-party software update. |
| Antivirus updates | Using antivirus scanner detection definitions (NOT actual virus definition/pattern files) that check for: installation of common antivirus scanner engines (including the LANDESK Antivirus tool); real-time scanning status (enabled or disabled); scanner-specific pattern file versions (up to date or old); last scan date (whether the last scan is within the maximum allowable time period specified by the administrator). | For LANDESK Antivirus, use LANDESK software updates to update the antivirus engine. For other antivirus engines, you must manually remediate. |
| Blocked applications | Using application definitions published by LANDESK (or user-defined application definitions) to immediately deny end user access to the application by editing the local registry. Patch and Compliance uses the LANDESK Software license monitoring tool's softmon.exe program to deny access to specified application executables, even if the executable file name has been modified, by reading the file header information. | Blocking the application when it tries to run, even if the program's executable file name has been changed, by reading the file header information. Remediation in this case is not a separate procedure. Application blocking is done during the security scan process. The security scan immediately denies end-user access to the application by editing the registry. (See the Legal disclaimer for the blocked applications type.) |

For information about how to get started downloading patch definitions and scanning for vulnerabilities, see Getting started with Patch and Compliance.
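
The Blocked applications entry says an executable is still blocked after its file name is changed, because the decision is based on file header information. The following is an added example, not LANDESK code, that contrasts a name-only check with a header-based one. This documentation does not say which header fields softmon.exe reads, so the fields used here (the PE TimeDateStamp, SizeOfImage and CheckSum) are an assumption, and all function names and sample values are constructed for illustration.

```python
import struct

def pe_fingerprint(data):
    """Return (TimeDateStamp, SizeOfImage, CheckSum) from PE headers, or None."""
    if len(data) < 0x40 or data[:2] != b"MZ":
        return None
    (e_lfanew,) = struct.unpack_from("<I", data, 0x3C)    # offset of "PE\0\0"
    coff, opt = e_lfanew + 4, e_lfanew + 24                # COFF header is 20 bytes
    if opt + 68 > len(data) or data[e_lfanew:coff] != b"PE\0\0":
        return None
    if struct.unpack_from("<H", data, opt)[0] not in (0x10B, 0x20B):  # PE32 / PE32+
        return None
    (timestamp,) = struct.unpack_from("<I", data, coff + 4)
    # SizeOfImage, SizeOfHeaders, CheckSum sit at optional-header offsets 56/60/64.
    size_of_image, _hdrs, checksum = struct.unpack_from("<III", data, opt + 56)
    return (timestamp, size_of_image, checksum)

def build_sample(timestamp, size_of_image, checksum):
    """Constructed header-only PE image for the demo (not a runnable program)."""
    dos = bytearray(0x40)
    dos[:2] = b"MZ"
    struct.pack_into("<I", dos, 0x3C, 0x40)
    coff = struct.pack("<HHIIIHH", 0x8664, 0, timestamp, 0, 0, 0xF0, 0x22)
    opt = bytearray(0xF0)
    struct.pack_into("<H", opt, 0, 0x20B)
    struct.pack_into("<III", opt, 56, size_of_image, 0x400, checksum)
    return bytes(dos) + b"PE\0\0" + coff + bytes(opt)

# Constructed sample data: one blocked application and one unrelated program.
BLOCKED_APP = build_sample(0x5F3C2A10, 0x24000, 0x1A2B3)
OTHER_APP = build_sample(0x60112233, 0x18000, 0x0C0FFE)
BLOCKED_BY_HEADER = {pe_fingerprint(BLOCKED_APP): "game.exe"}
BLOCKED_BY_NAME = {"game.exe"}

def name_only_check(file_name):
    """Naive comparison point: decide on the file name alone."""
    return "deny" if file_name.lower() in BLOCKED_BY_NAME else "allow"

def header_check(data):
    """Decide on header contents, ignoring whatever the file is called."""
    fp = pe_fingerprint(data)
    return "deny" if fp is not None and fp in BLOCKED_BY_HEADER else "allow"

if __name__ == "__main__":
    for name, data in [("game.exe", BLOCKED_APP), ("notes.exe", BLOCKED_APP),
                       ("editor.exe", OTHER_APP), ("readme.txt", b"plain text")]:
        print(f"{name:12} name-only={name_only_check(name):5} header={header_check(data)}")
```

The copy saved as notes.exe passes the name-only check but is still denied by the header check, which is the behaviour the table describes.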

 

