[KB8451] Enable and configure Vulnerability & Patch Management in ESET PROTECT

Issue

Solution

Video: How to automate Vulnerability Scanning and Patch Management with ESET PROTECT Platform

Prerequisites

To view and enable ESET Vulnerability & Patch Management, ensure you have one of the following tiers:

  • ESET PROTECT MDR Ultimate
  • ESET PROTECT MDR
  • ESET PROTECT Elite
  • ESET PROTECT Complete

See how to add a license in ESET PROTECT Hub, ESET Business Account or ESET MSP Administrator.

You can enable ESET Vulnerability & Patch Management only on Windows computers running:

  • ESET Management Agent version 10.1 and later
  • ESET Endpoint Security for Windows version 10.1 and later
  • ESET Endpoint Security for Windows version 11 and later (OS auto-updates)
  • ESET Server Security for Microsoft Windows Server version 11.0 and later
  • ESET Endpoint Security for macOS 8.0 and later
  • ESET Endpoint Antivirus for Linux 11.0 and later
  • ESET Server Security for Linux 11.0 and later

Test on a small number of endpoints

For ESET Vulnerability & Patch Management, we suggest testing on a small number of endpoints before batch actions.

ESET Vulnerability & Patch Management eligibility 

Endpoint devices must be activated with an ESET Vulnerability & Patch Management-eligible license. If you enable ESET Vulnerability & Patch Management via policy without an ESET Vulnerability & Patch Management-eligible license, it will generate errors on the endpoint devices.

Enable Vulnerability & Patch Management

  1. Open ESET PROTECT in your web browser and log in.

  2. Click Policies → New policy.

    Figure 1-1
  3. Type a name for a new policy and click Settings.

    Figure 1-2
  4. Select Common features from the drop-down menu, click Vulnerability & Patch Management and click the toggle next to Enable Vulnerability & Patch Management to enable it.

    Figure 1-3
  5. Click Edit next to Computer restart options.

    Figure 1-4
  6. Select Restart from the Automatic action drop-down menu, select the appropriate option from the Postpone drop-down menu and click Save.

    Server products

    Server products do not support automatic device restart actions to complete patch management. 

    Figure 1-5
  7. Click Edit next to Vulnerability & Patch Management scheduler.

    Figure 1-6
  8. Select the desired check boxes next to Weekdays, set start and end times in the respective fields, and click Save.

    Figure 1-7
  9. Click Assign and assign a policy to a computer or group of computers.

    Figure 1-8

Enable auto-patch management

Server products

Server products do not support auto-patch management. Patch management must be performed manually.

  1. Open ESET PROTECT in your web browser and log in.

  2. Follow steps 1-4 in the previous section. The Enable Vulnerability & Patch Management option must be enabled before you can enable auto-patch management.

  3. Click the toggle next to Enable auto-patch management to enable it.

    Figure 2-1
  4. The Auto-patch strategy consists of two options: Patch all except excluded applications and Patch only allowed applications.

    • Patch all except excluded applications

      The Patch all except excluded applications option updates all applications except those on the Excluded applications list. 

      Select Patch all except excluded applications from the Auto-patch strategy drop-down menu, click Edit next to Excluded applications. Continue to step 5.

      Figure 2-2
    • Patch only allowed applications

      The Patch only allowed applications option only updates applications on the Allowed applications list.

      Select Patch only allowed applications from the Auto-patch strategy drop-down menu, click Edit next to Allowed applications. Continue to step 5.

      Figure 2-3
  5. Select the check boxes next to the chosen app name and click Save.

    Duplicated app names

    The Products available for patching list may contain duplicate entries. When selecting the apps for patching, ensure that you select the check boxes next to all entries with the same name.

    Apps might require a computer restart

    Some apps require a computer restart and can restart computers automatically.

    Apps licensed to a specific version

    Some apps can be licensed to a specific version. We recommend reviewing your applications.

    To avoid an unnecessary upgrade, set the Auto-patch strategy to Patch all except excluded applications while creating a policy (follow this step).

    Figure 2-4
  6. Click Assign and assign a policy to a computer or group of computers.

    Figure 2-5

Read more about ESET Vulnerability & Patch Management.


Enable OS auto-updates

  1. Open ESET PROTECT in your web browser and log in.

  2. Follow steps 1-4 in the previous section. The Enable Vulnerability & Patch Management option must be enabled before you can enable OS auto-updates.

  3. Click the toggle next to Enable OS auto-updates to enable it.

    Figure 3-1
  4. Click Edit next to Allowed OS auto-updates to select the severity levels for applying OS updates via a policy, and then click Save.

    Figure 3-2
  5. Click Finish to save the new policy. 
