Can LanGuard auto-remediation patch a target machine that missed the patching schedule window?

Overview

The target machine was offline and missed the scheduled scan and its auto-remediation window.

This article explains whether GFI LanGuard can be configured to apply the missing patches to a system automatically once the machine is back online, and provides recommendations on how to address this issue.

Solution

The auto-remediation patching will fail if the target machine missed the scanning window or was not able to communicate with the LanGuard server at the time of the scheduled scan.

The auto-remediation will trigger again during the next scheduled window, and the machine will get the updates it missed. Also, for console-based scans, it is possible to configure waking up sleeping clients or waiting for the target machine to connect to the network.

All remediation and patching operations are always performed by the LanGuard server, never by the agent, even if they are triggered by agent scanning. That is, the machine has to be able to communicate with the LanGuard server, and the server has to be able to connect to the machine, in order to patch it.

Refer to our configuration recommendations below on how to avoid such issues depending on your environment and use case.

Agent Scanning with Auto-Remediation

When you are using LanGuard Agents for the scheduled scanning with auto-remediation:

  1. If the machine is usually offline at the scheduled time, it is recommended to adjust the Agent Scan Schedule based on the availability pattern. The schedule can be changed for a group of agents as well.
  2. If the machine is physically connected to the network but is sleeping or powered off, you can use console-based scanning instead, which can wake up the target machine(s); see below.

Console-based Scanning with Auto-Remediation

When you are using console-based scheduled scanning with auto-remediation:

  1. If the target machine is physically connected to the network but is sleeping or powered off, enable the Wake up offline computers option for the job and Configure Wake-On-Lan of Scan Targets.
  2. If the target machine is not connected to the network, adjust the Console Scan Schedule based on the availability pattern.
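
One way to confirm that a scan target actually responds to Wake-on-LAN before relying on the Wake up offline computers option, as an added example that is not GFI LanGuard code: it builds the standard magic packet (6 bytes of 0xFF followed by the MAC repeated 16 times) and can recognise one in a captured UDP payload. The sample MAC, UDP port 9 and the broadcast address are assumptions to replace with your own values.

```python
import re
import socket

WOL_PORT = 9  # assumption: conventional WoL UDP port, not a LanGuard setting


def parse_mac(mac: str) -> bytes:
    """Accept AA:BB:CC:DD:EE:FF, AA-BB-CC-DD-EE-FF, AABB.CCDD.EEFF or bare hex."""
    hexdigits = re.sub(r"[:\-.]", "", mac.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", hexdigits):
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return bytes.fromhex(hexdigits)


def build_magic_packet(mac: str) -> bytes:
    """Return the 102-byte payload: 6 x 0xFF, then the target MAC 16 times."""
    return b"\xff" * 6 + parse_mac(mac) * 16


def magic_packet_target(payload: bytes):
    """Return the MAC a captured payload would wake, or None if it is not a
    magic packet. The pattern may sit anywhere inside the payload."""
    for i in range(len(payload) - 101):
        if payload[i:i + 6] == b"\xff" * 6:
            mac = payload[i + 6:i + 12]
            if payload[i + 6:i + 102] == mac * 16:
                return mac.hex(":")
    return None


def send_magic_packet(mac: str, broadcast: str = "255.255.255.255",
                      port: int = WOL_PORT) -> None:
    """Broadcast the magic packet on the local subnet. The target NIC and
    BIOS/UEFI must have Wake-on-LAN enabled for this to have any effect."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
        s.sendto(build_magic_packet(mac), (broadcast, port))


if __name__ == "__main__":
    sample_mac = "00-11-22-33-44-55"  # constructed MAC for illustration
    pkt = build_magic_packet(sample_mac)
    print(len(pkt), magic_packet_target(pkt))
    # send_magic_packet(sample_mac)  # uncomment to test against a real target
```

If the machine does not power on after the packet is sent from the LanGuard server's subnet, the scheduled scan will not be able to wake it either, and the schedule should be adjusted instead.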

  1. Priyanka Bhotika
