Patch a workload

EDR automatically detects if a workload requires a patch, and enables you to patch the workload to prevent vulnerability exploitations in future potential attacks. Note that this feature is available only if the partner's workload has a subscription for Advanced Management.

To patch a workload

1. In the cyber kill chain, click the workload node you want to patch.
2. In the displayed sidebar, click the Response Actions tab.
3. In the Remediate section, click Patch.
4. In the Patches to install field, click Select. In the displayed dialog, select the relevant patches and then click Select.
5. In the Post-installation options field, click the displayed link. The Post-installation options dialog is displayed.

   

6. Select the action to perform after the patch is installed:
   • If user is logged out: Select one of Do not restart, Restart, or Restart only if required.
   • If user is logged in: Select one of Do not restart, Restart, or Restart only if required.

     When you select Restart, you can also define the following:

     • Schedule the restart.
     • Allow snoozing, including the defined intervals between snoozes.
7. [Optional] Select the Do not restart while backup is in progress check box to ensure the workload is not restarted if a backup is currently in progress.
8. Click Save.
9. In the Response Actions tab, click Patch.

   The selected patch is run. This action can also be viewed in the Activities tabs of both the individual node and the entire incident. For more information, see Understand the actions taken to mitigate an incident.