The Patch Approval page approves pending patches set to Review by the latest Scan and Analysis scan of a machine.
Only profiles which have at least one machine assigned with vulnerabilities will be displayed on this page. When selecting a profile, the Pending Review tab will show patches which do not already have an automatic approval rule. The Approve,Reject, or Suppress buttons will create an automatic rule for the selected patches, which will apply to:
Machines which currently belong to the selected Scan and Analysis profile and are affected by the vulnerability. The Machines Affected column in the patch grid lists these machines.
Any new machines which are added to the profile later, or have the vulnerability detected.
The automatic rule can only be created once for each patch within a profile. On creation, the patch will be displayed in the Approved, Rejected or Suppressed tabs. From there, its approval status can be updated (for example, from Approved to Rejected) but the change will be applied only to new machines which are added to the profile after the change, or have the vulnerability detected for the first time. In this scenario, changes to the approval status for machines that were already in the profile with the vulnerability detected can only be done on a per-machine basis from the Machines page.
Note : Patch approval rules created from Override Profiles take precedence over rules defined in the Scan and Analysis profile or using an automatic rule created from the Patch Approval page.
Actions
Approve - Approves pending patches for deployment.
Reject - Rejects pending patches for deployment. Rejected patches can be subsequently approved and deployed using the History tab on the Machines page.
