ClearPass OnGuard - checking Windows patches
11-08-2017 05:23 AM
My client wants to check with OnGuard if windows patches are up-to-date but with some period back for example 2-3 months, so he shouldn't go to quarantine at once when he hasn't installed yet newest patches available.
In this moment we are using Windows Security Health Validator and we have turned on Security Updates and Important and above.
The result is such that when host computer have got info about new patches from windows update it automatically goes to quarantine.
We would like to give client some time to update his computer, not automatically send to quarantine
Any idea how to achive this ?
Re: ClearPass OnGuard - checking Windows patches
07-06-2018 06:12 AM
Allow the application service windows-updates in the quarantine role as part of a firewall policy. This would allow the clients to still access windows updates from quarantine to get in compliance.