Overview

This article goes over how an individual may deploy a vulnerability patch to a group.

Resolution

1. Once logged into Lumension hover over Manage, then click on Groups.  A list of Groups will appear on the left side of the screen.
2. Click the arrows to expand the directory structure. Click on the group listed on the left to display the information selected in the view drop down on the main display window.
3. On the main display screen the group will be listed on the left and on the far right will be a View: drop down menu. The View: drop down menu will display selected information about the selected group. Select Vulnerabilities/Patch Content if it is not selected.
4. To search by Name or CVE-ID, Vendor, Content type, Vendor release date, Applicability, State or Detection status, update desired field(s) with search criteria then select Update View to apply.
5. Select the Check box next to the desired vulnerability(s), then select Deploy. A separate window will open, closing this window at any point before reaching the end will terminate the deployment.
6. Select Next > on the Welcome to the Deployment Wizard, welcome screen. Select Cancel at any time to cancel the current deployment setup.
7. The Available Endpoints/Groups page displays the OS type, total endpoints the patch is applicable to and the total it will go to. Additional groups can be added by selecting them in the Available Groups search area. Select Next > to continue or < Back to go to the previous menu option.
8. The Available Packages page will show the number of available vulnerability patches by vendor and the number currently selected. Select Next > to continue or < Back to go to the previous menu option.
9. If applicable, the Licenses page will display the EULA information for software to be installed. Select I ACCEPT(or similar) to be able to continue. Select Next > to continue or < Back to go to the previous menu option.
10. The Deployment Information Page is where the deployment is named and scheduled. When all options are configured select Next > to continue.
    1. Select Job Name to enter desired text.
    2. Select Task Name to enter desired text.
    3. The Start Time section is where deployment time functions are defined.
       1. Select the Change… button to open the Schedule Configuration wizard.
          1. Here you can select a One Time deployment or a Recurring deployment by selecting the radial button that correspond to the desired choice.
          2. From the calendar select a Month and year. Click the Greater than or Less Than signs by the month and year to change months.  Select a Day by clicking on the date.
          3. Define a 12 or 24 hour clock by selecting the corresponding radial button below the calendar.
          4. Select a time by picking an hour and minute from the corresponding drop down menus. Select AM or PM by using the drop down menu.
          5. Click Next > to save changes and return to the Deployment Information Page.
       2. The Manner section is used to set the deployment behavior.
          1. Click the corresponding radial buttons to select either a Concurrent or Consecutive Deployment. A Concurrent deployment will deploy to the selected number of machines listed at the same time. To change the number click on the text box and type in desired number. A Consecutive Deployment will deploy patches as endpoints check in with the server.
          2. Click on the check box adjacent to, Suspend the deployment of this package, if it fails to deploy to one or more nodes, to enable or disable suspension of failed deployed packages.
          3. Click on the check box adjacent to, Deploy package eve if the computer has been previously patched, to enable to disable deploying packages to already patched machines.
       3. The Notes: field is where comments or notes about a deployment can be made. Click on the text box and type desired text.
       4. Select Next > to continue.
11. Package Deployment Order and Behavior will display all selected packages, the order they will be installed, if there are dependencies and if a reboot is required. To change the order click the arrows on the far right. Select Next > to continue.
12. Notification Options is where you can alert endpoints of a pending install or reboot. Select Next > to continue.
    1. Define the Deployment Notification Options, select whether or not to notify users of the package deployment. Click on the adjacent radial button to select either, Do not notify users of this deployment or Notify users of this deployment.

1. Do not notify users of this deployment will install the select package without notifying the end user.

2. Notify users of this deployment will notify users and allow the following additional options.

1. Modify the message users will see by clicking the Message box and typing desired text.

2. Clicking on the Use Polices check box will enable or disable using Global Policy. Leaving the box empty will allow the following additional options.

1. Allow user to cancel. This can be set to yes or no by clicking using the drop down menu. Or it can be set to use Agent Policy by clicking on the check box.

2. Allow user to snooze. This can be set to yes or no using the drop down menu. Or it can be set to use Agent Policy by selecting the check box.

3. Notification on top. This can be set to yes or no using the drop down menu. Or it can be set to use Agent Policy by selecting the check box.

3. Deploy options, can be set to deploy the selected packages within a certain time or by a certain date and time. Select the adjacent radial button to choose to deploy within or by a certain time.

1. Within, click the text box and type desired number. Then click the drop down menu to select minutes, hours or days.

2. By, click on the date field to open a calendar. Select the desired month and year, using the greater than and less than arrows to navigate. Then select the day by clicking on the desired day. Finally use the drop down menus to select an hour, minute and either am or pm.

2. Define the Reboot Notification Options, select whether or not to notify users of a required reboot. Click on the adjacent radial button to select either, Do not notify users of the reboot or Notify users of the reboot.

1. Do not notify users of this reboot, will reboot the machine without notifying the end user.

2. Notify users of the reboot, will notify users and allow the following additional options.

1. Modify the message users will see by clicking the Message box and typing desired text.

2. Clicking on the Use Polices check box will enable or disable using Global Policy. Leaving the box empty will allow the following additional options.

1. Allow user to cancel. This can be set to yes or no by clicking using the drop down menu. Or it can be set to use Agent Policy by clicking on the check box.

2. Allow user to snooze. This can be set to yes or no using the drop down menu. Or it can be set to use Agent Policy by selecting the check box.

3. Notification on top. This can be set to yes or no using the drop down menu. Or it can be set to use Agent Policy by selecting the check box.

4. Reboot within. This will reboot the endpoint within set time. Select the text box and type desired number and then use the drop down menu to select minutes, hours or days.

13. Deployment Conformation page will display a summary of what was entered throughout the wizard. Select Finish to create the deployment. If packages are required but not downloaded, please refresh the page until all packages are downloaded.

14. Verify the deployment by hovering over manage, then click on deployment and tasks. Once the page loads verify that the newly created task is listed.