Update Windows

Checks Update Windows status and performs the latest updates according to settings. If users have disabled automatic updates for various reasons, forced automatic update activation is possible.

Configuring Windows Operating System Update Environment

If you use the Update Windows function, you must first configure the environment for performing updates.

1. Configuring Windows Operating System Update Environment (Search/Connection Methods)

Windows Operating System Update environment settings are divided into methods for searching for update files and methods for connecting to update servers provided by Microsoft. You can change and use search methods and connection methods depending on your network environment.

1. Go to Settings in the top panel.
2. In the left Preferences menu, select Agent > OS Update.
3. Configure the Update Windows item.
4. Click the Modify button.

Note

1. Microsoft Update Windows: Method of communicating with an update server provided by Microsoft connected to an external network (Internet).
2. WSUS: Method of communicating with a WSUS server connected to an internal network.
3. Offline Scan File: Method of communicating with a Genian NAC Policy Server connected to an internal network.

Search Method	Connection Method	Environment Considerations
Microsoft Update Windows	Direct Microsoft Connection	Requires firewall allowance for the entire internal network.
	Connection via NAC (Download)	Requires firewall allowance for the entire internal network.
	Connection via NAC (Download+Scan)	Requires firewall allowance for NAC appliance (target configured with NAC Proxy service).
WSUS	Direct WSUS Connection	Requires server farm firewall allowance depending on WSUS location (server farm).
	Connection via NAC (Download)	Requires server farm firewall allowance depending on WSUS location (server farm).
	Connection via NAC (Download+Scan)	Requires server farm firewall allowance for NAC appliance (target configured with NAC Proxy service).
Offline Scan File	No configuration	Set in environments unable to communicate with external networks (Internet).

2. Configuring Proxy Server

This can only be configured when using Connection via NAC as the connection method during OS updates.

Used when it is not possible to grant allowance to all Network Sensors with Operating System Update Proxy Service Settings in the firewall.

Note

When configuring the Proxy server, external network access is performed using the configured server IP.

3. Configuring Allowed Access Domains

You can configure allowed access domains to enable operating system updates for targets whose network is blocked by Genian NAC.

Plugin Settings

• If the user has turned off automatic updates due to system delay or other reasons

1. Go to Policy in the top menu.
2. In the left Policy menu, go to Policy > Node Policy > Node Action.
3. In the Node Action management window, find and click Update Windows.

Below are Basic Settings.

1. For CWP Message, add a message to display according to the policy.
2. For Label, adding a label allows you to categorize the plugin with a custom label displayed in the "Description" input field.

Below are Plugin Settings.

1. From the dropdown menu of the Update Collection option, select a setting or click + to add an update collection.
2. Scan Time: Specifies whether to check for updates at a scheduled time. (Options: 1. Periodic Scan / 2. Scheduled Time Scan)
   • Execution Cycle: Adjusts the time interval to check the timing of update scan/installation. (Hours - Months)
3. Operation Mode: Select whether to perform scan and installation, or only scan.
4. Installation Time: Selects the time to perform update installation. (Options: 1. Install Immediately After Scan / 2. Install on Shutdown / 3. Install at Specified Time)
5. Reboot Option: Selects whether to notify the user or perform automatic reboot.
6. Automatic Update: Checks for important updates and specifies whether to install them using the dropdown settings.
7. Click the Modify button.
8. In the left Policy menu, go to Node Policy.
9. Click the Node Policy you wish to apply.
10. Find Node Action Settings and click Assign.
11. In the Available items, find Update Windows and drag it to the Selected items.
12. Click the Add button.
13. Click the Modify button.
14. Click the Apply Change Policy button in the top right.

Creating New Update Windows for Specific OS or Patch

1. Go to Policy in the top menu.
2. In the left Policy menu, go to Policy > Update Windows Policy.
3. Click Select Action > Create.

Configure Basic Information and Automatic Approval Settings below.

1. For ID, enter a unique name.
2. For Description, enter a brief description.
3. Product: Select the product to apply, or select all.
4. Classification: Select the item to apply, or select all.
5. Click the Create button.
6. Click the Apply Change Policy button in the top right.

Alternatively,

1. Go to Policy in the top menu.
2. In the left Policy menu, go to Policy > Node Policy > Node Action.
3. In the Node Action settings window, find and click Update Windows.

Configure Basic Information and Automatic Approval Settings below.

1. For ID, enter a unique name.
2. For Description, enter a brief description.
3. Product: Select the product to apply, or select all.
4. Classification: Select the item to apply, or select all.
5. Click the Create button.
6. Click the Apply Change Policy button in the top right.

(To delete no longer used Update Windowss, go to Policy > Update Windows Policy, then select the checkbox of the Update Windows item to delete and click Select Action > Delete button.)

• Configuring GenianSyncer Software