Scenario: Updating third-party software
This section provides a scenario for updating third-party software installed on client devices. Third-party software includes applications from other software vendors.
Prerequisites
The Administration Server must be connected to the internet in order to install third-party software updates.
Stages
Updating third-party software proceeds in stages:
- Searching for required updates
To find the third-party software updates required for the managed devices, run the Find vulnerabilities and required updates task. When this task is complete, Kaspersky Security Center Linux receives the lists of detected vulnerabilities and required updates for the third-party software installed on the devices that you specified in the task properties.
The Find vulnerabilities and required updates task is created automatically by the Administration Server quick start wizard. If you did not run the wizard, create the Find vulnerabilities and required updates task or run the quick start wizard now.
You can create the Find vulnerabilities and required updates task only for Windows devices. You cannot create this task for devices running on other operating systems.
- Viewing the list of found updates
View information about the available third-party software updates and decide which updates you want to install. To view detailed information about each update, click the update name in the list. For each update in the list, you can also view the statistics on the update installation on client devices.
- Configuring installation of updates
When Kaspersky Security Center Linux receives the list of third-party software updates, you can install them on client devices by creating the Install required updates and fix vulnerabilities task.
You can create the Install required updates and fix vulnerabilities task only for Windows devices. You cannot create this task for devices running on other operating systems.
The Install required updates and fix vulnerabilities task is used to install updates for Microsoft applications, including the updates provided by the Windows Update service and updates of other vendors' software. Note that the Install required updates and fix vulnerabilities task can be created only if you have a license for the Vulnerability and patch management feature.
To install some software updates, you must accept the End User License Agreement (EULA) for the installation software. If you decline the EULA, the software update will not be installed.
You can start an update installation task by schedule. When specifying the task schedule, make sure that the update installation task starts after the Find vulnerabilities and required updates task is complete.
- Scheduling the tasks
To be sure that the update list is always up-to-date, schedule the Find vulnerabilities and required updates task to run automatically from time to time. By default, the Find vulnerabilities and required updates task is set to start manually.
If you have created the Install required updates and fix vulnerabilities task, you can schedule it to run with the same frequency as the Find vulnerabilities and required updates task or less often.
When scheduling the tasks, make sure that an update installation task starts after the Find vulnerabilities and required updates task is complete.
- Approving and declining third-party software updates (optional)
If you have created the Install required updates and fix vulnerabilities task, you can specify rules for the update installation in the task properties window.
For each rule, you can define the updates to install depending on the update status: Undefined, Approved, or Declined. For example, you may want to create a specific task for servers and set a rule for this task to allow installation of only those updates that have the Approved status. After that, you manually set the Approved status for those updates that you want to install. In this case, the updates that have the Undefined or Declined status will not be installed on the servers that you specified in the task.
The usage of the Approved status to manage update installation is efficient for a small amount of updates. To install multiple updates, use the rules that you can configure in the Install required updates and fix vulnerabilities task. We recommend that you set the Approved status for only those specific updates that do not meet the criteria specified in the rules. If you manually approve a large number of updates, the performance of the Administration Server decreases, which may lead to an overload of the Administration Server.
By default, downloaded software updates have the Undefined status. You can change the status to Approved or Declined in the Software updates list (Operations → Patch management → Software updates).
For more details, refer to the instructions on approving and declining third-party software updates.
- Running an update installation task
Start the Install required updates and fix vulnerabilities task. When you start this task, updates are downloaded and installed on managed devices. After the task is complete, make sure that it has the Completed successfully status in the task list.
- Create a report on the results of the update installation (optional)
To view detailed statistics on the update installation, create the Report on results of installation of third-party software updates.
Results
If you have created and configured the Install required updates and fix vulnerabilities task, the updates are installed on the managed devices automatically. When new updates are downloaded to the Administration Server repository, Kaspersky Security Center Linux checks whether they meet the criteria specified in the update rules. All new updates that meet the criteria will be installed automatically at the next task run.
