5 Replies Latest reply on Oct 10, 2018 4:07 AM by JoeDrwiega

    DELETE OLD DEFINITION

    johlelong Rookie

      Hello there ,

       

      so , we installed recently the iVanti Landesk i have too many old patches ( 1990's ... 2000...2013....2016..2017)

      i delete manually the patches from the patch and compliance ==> scan folder but they downloaded again and again

      i tried also to deleted them from the local repository but it seems like the same problem

       

      is there any to delete them , i want to keep just the 2018 vulnerabilities

       

      Thank you

        • 1. Re: DELETE OLD DEFINITION
          JoeDrwiega SupportEmployee

          That is due to patch content within the subscription and as you can tell deleting them is not the answer as they come back but what you need to do is just drag all the content you don't want to the Do NOT Scan folder and be sure to set the others settings described here: https://community.ivanti.com/docs/DOC-41033

          1 of 1 people found this helpful
          • 2. Re: DELETE OLD DEFINITION
            Rick.Smith1 Specialist

            Ditto what Joe said. You need to put these into DO NOT SCAN.

             

            Keep in mind however, if any of your 2018 vulnerabilities rely upon a pre-requisite\dependency prior to 2018, I believe you will need to enable those so that the 2018 definition can validate that it meets the dependency\pre-req before it will scan the current one. Otherwise you will get a false sense that it inst required when it really is.

             

            To bad they didnt retro the old definitions to the new scan engine... that way it would just scan all of those in 5 seconds instead of scanning all the old stuff slowly and then scanning the new stuff in 5 seconds.

            • 3. Re: DELETE OLD DEFINITION
              mrspike SSMMVPGroup

              Adding to this... there is a column in the patch window named "Replaced by"  I do a "Find" in the patch window and type in "all" and move those patches to the Do Not Scan group.

               

              Note, there were a half dozen or so patches that are marked as Replaced All that were needed for newer patch to install, but I think those were for Win 8 and some very old Win 7.

               

              What I do from time to time is to use a VM on Win 7, 8.1 and 10 that have the latest Service Pack (Win 7) but no other patches installed and I scan and repair what we consider our baseline (we create a custom group and add required patches to it monthly), reboot, rescan, etc until LANDesk thinks it is clear, and then I run Windows Update to validate... If WU finds patches I think are needed I ensure it is in our baseline group and if needed, any dependencies.

              • 4. Re: DELETE OLD DEFINITION
                phoffmann SupportEmployee

                Alternatively, rather than doing it manually, you can just use the "disabled replaced rules" button & have the console do it for you. Via this button here... (click on the image for a full-size picture).

                 

                ... had typed that up for another thread but can't find it . Click the button & it's not hard to use.