Add Requirement: Patch

Adds a requirement to check that the client computer has a specific patch for the client computer's operating system. If you have one patch that applies to multiple operating systems, you can include them all in one requirement.
Review your selections carefully. If you select an operating system that does not match the patch, the requirement fails.
Patch requirements
Setting
Description
Patch Name
that must be installed
Describes the patch that must be installed on the client computer.
Type the patch name, such as
KB12345
. You can type only numbers and letters in this field.
Apply the patch on these operating systems
Specifies the operating systems for which the patch must be installed. You can choose one or more, but the patch name must apply to all selected operating systems.
Install the patch if it has not been installed on the client
Installs a new patch on the client computer from the management server. You can uncheck this check box if you want to use the Microsoft management software to install the patch. However, if you uncheck this option and the required patch is not installed on the client computer, the Host Integrity check fails on this requirement.
  • Install the patch if it has not been installed on the client
    .
    Checks whether or not the application is installed on the client computer.
  • Download the installation package
    .
    If the application is not installed on the client computer, enables the following options to download and install the application:
    • Download URL
      Specifies the location from which the installation file can be downloaded.
    • Execute the command
      Specifies whether the client user runs the installation or the installation runs automatically. To let the client user run the installation, leave the text box blank. To let the installation run automatically, you can type:
      %F%
      .
      For more information, see:
Run the program
Specifies whether the user needs to be logged on to the client for the program to run.
  • in system context
    The user does not have to be logged on for the program to run.
  • in logged-in user context
    The user must be logged on to the client for the program to run. The execute command line must include the full path name.
Specify wait time before attempting the download again if the download fails
Specifies a time to wait before the client tries to download and start the application again.
Allow the user to cancel the download for Host Integrity remediation
Enables the user to cancel remediation. You may want to enable users to cancel or delay remediation to avoid disruption to their work.
If you disable this option, the user is notified that a download is in progress. However, the user is not given the option to cancel or postpone the remediation.
Allow the Host Integrity check to pass even if this requirement fails
Enables the user to connect to the network even though the client computer fails this Host Integrity requirement. The failed requirement is logged in the client's Security log.