Patch tasks
It is recommended to regularly check for software updates and apply them as soon as possible. GravityZone automates this process through security policies, but if you need to update the software on certain endpoints right away, run the following tasks in this order:
Prerequisites
The security agent with Patch Management module is installed on target endpoints.
For the scanning and installation tasks to be successful, Windows endpoints must meet these conditions:
Trusted Root Certification Authorities stores the DigiCert Trusted Root G4 certificate.
Intermediate Certification Authorities includes the DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1.
Endpoints have installed the patches mentioned in these Microsoft articles:
For Windows 7 and Windows Server 2008 R2: Microsoft Security Advisory 3033929
For Windows Vista and Windows Server 2008: You cannot run an application that is signed with a SHA-256 certificate on a computer that is running Windows Vista SP2 or Windows Server 2008 SP2
For the module to work on macOS endpoints, Bitdefender Endpoint Security Tools components must have Full Disk Access permissions. For details, refer to Full Disk Access is not allowed for Bitdefender Endpoint Security Tools in macOS.
It is recommended to have a Relay machine available with Patch Caching Server role for storing and distributing software patches for Windows endpoints. In this specific case, the Relay machine requires 100 GB of free disk space.
For details on installing Bitdefender Endpoint Security Tools with various modules and roles, including Relay, refer to Install security agents - standard procedure.
Alternately, for details on how to to add the Relay role to a machine already having the security agent installed on, refer to Reconfigure agent.