3 Replies Latest reply on Aug 12, 2014 10:38 AM by Peter Massa

    Patch System = Scan only = What then???

    Rookie

      Hi all

       

      All our OS deployment templates have Patch system as the last action under system configuration. They all set to Scan Only. I tried and tried to get a good explanation on what this means and all i keep coming up with is that it ... well ... scans local system for what is missing. But seems like i cant find more fine details - Scans local system against what? Once scan what does it do? Etc... Just missing info to understand what it actually does.

       

       

      Thanks a lot

        • 1. Re: Patch System = Scan only = What then???
          Alex.Richardson SSMMVPGroup

          Have a read of this document. It contains the answers you are looking for.

           

          How to detect and install Patches Within Provisioning

          1 of 1 people found this helpful
          • 2. Re: Patch System = Scan only = What then???
            Rookie

            Thank you for suggestion. I have had read that article.

             

            Scan only - Will only report vulnerabilities, but not remediate any.

             

            What does that mean? It will scan that system and do nothing about it? What is the point of that than?

            • 3. Re: Patch System = Scan only = What then???
              Peter Massa Expert

              tarasula,

               

              Scan only means that it will scan the system for any vulnerabilities, virus definition updates, applications to block, etc (these are customizable so you can mix or match).  It will then report these back to the core so that they are included in your reports and can be patched at a future time.

               

              The reason for this is two fold -

              1. Feature parity - allowing both the ability to "scan and patch" or "just scan"

              2. Allow a system to scan for patches but not spend the time to repair them immediately if it is time sensitive to get the device out the door and they can be patched later - but you will want the information recorded.

               

              So you have essentially 3 options at a high level:

              1. Don't scan and don't remediate.

              2. Scan and don't remediate.

              3. Scan and remediate.

               

              It is up to you to decide what fits your needs.  Most users do option 3.

               

              Hope this helps,

              Peter