Software Management configuration
Application Settings
NAVIGATION Software Management > Configuration > Settings > Application Settings
The Application Settings tab sets general options for the entire module.
Actions
NOTE Display 3rd Party Vulnerabilities option is removed. With this change, the behavior of the module corresponds to the hybrid value of that option, meaning third-party software patches will be included only in scans and deployments on agents with Third-Party Support enabled. User can enable third-party support on agents on the Machines page.
- Edit
- Reboot Action Email: Applies only if Do not reboot after update, send email is selected in a Deployment profile. Specifies the subject and body format of email notifications that a machine needs to be rebooted after a patch.
- Within an Email: <id>
- Description: machine ID
- Compliance: Compliance checking is reported on the Dashboard page and in Info Center > Report Parts for Software Management.
- Compliance Check: Specifies how often machines are checked for compliance based on Kaseya Server time.
- Scan Grace Period: Specifies the grace period included in compliance checking for scanning. A machine is out of compliance if—at the time compliance is checked—the last actual scan was later than the last scheduled scan plus the grace period.
- Deploy Grace Period: Specifies the grace period included in compliance checking for deployment. A machine is out of compliance if—at the time compliance is checked—the last actual deployment was later than the last scheduled deployment plus the grace period.
- Patch Tolerance: Specifies a percentage ratio of deployed patches to approved patches. A machine is out of compliance if deployed patches are less than the specified percentage of approved patches.
The following variables can be included in your formatted email alerts and in procedures.
NOTE Third-party patches are included in compliance calculations only if third-party patching has been enabled for a machine.
- Vulnerability Definition: Specifies whether to include or exclude suppressed patches. This option reflects on the entire module experience. This does not reflect in Software Management Info Center report parts.
- Migration
- Prevent an agent from running both Patch Management and Software Management at the same time: If selected, Software Management will not run Scan Now on an agent if that agent is configured to use any of these Patch Management features:
- Patch Management Policy
- Scan Schedule
- Automatic Update Schedule
- Machine Update Schedule
- Patch Update Schedule
- Prevent an agent from running both Patch Management and Software Management at the same time: If selected, Software Management will not run Scan Now on an agent if that agent is configured to use any of these Patch Management features:
- Settings:
- Private Profiles: If checked, profiles are visible only if the profile was created by you or if the profile is assigned to a machine assigned to the scope you are using. If profiles are public, a user will have visibility to any endpoints which have Software Management profiles assigned. Profiles are public by default. Applies to the following types of profiles:
- Scan and analysis
- Override
- 3rd Party Software
- Deployment
- Alerting
- Display Third-Party Vulnerabilities: This historical function has been elevated to include the following options and behavior as a result:
- Hide All: If selected, third-party patches will not be included in scans and deployments.
- Hybrid (default, recommended option): If selected, third-party patches will be include only in scans and deployments on agents with Third-Party Support enabled. User can enable third-party support on agents on the Machines page. This option is enabled for all tenants.
- Show All: If selected, this latest function will list all third-party patches available for deployment on endpoint(s) without the need to enable or be licensed for third-party updates.
- Deploy Windows 3rd-party installers from SMPM Catalog: If selected, Windows third-party installers will be deployed from SMPM Catalog.
- Private Profiles: If checked, profiles are visible only if the profile was created by you or if the profile is assigned to a machine assigned to the scope you are using. If profiles are public, a user will have visibility to any endpoints which have Software Management profiles assigned. Profiles are public by default. Applies to the following types of profiles:
Migration
NAVIGATION Software Management > Configuration > Settings > Migration
The Migration tab enables you to migrate policies from Patch Management to Software Management. Two types of migration are available:
Migrate Knowledge Base Overrides
This option migrates all global KB overrides specified using the Patch Management > KB Override page. The migration creates a new KB override profile in Software Management with the name you specify.
NOTE You can perform this migration only once.
- Click Migrate Knowledge Base Overrides.
- Enter a Knowledge Base Override Name.
- Click Save.
Migrating Policies
This option migrates Patch Management policies and, optionally, migrates machine associations. This migration creates a new KB override profile in Software Management with the name you specify.
- Click Migrate Policies.
- Select one or more policies.
- Policy
- Copy Approvals
- Copy Denials
- Copy Machine Associations
- Click Convert.
