Overview
You want to know how to remediate machines and deploy patches using LanGuard.
This article describes how to remediate specific computers or the whole domain, and the manual remediation tasks available.
Solution
LanGuard can be set to automatically download and deploy missing patches and service packs discovered during a network security scan. At the same time, the Remediation Center allows users to deploy these updates manually network-wide as well as recall any patches that were deployed.
Both patch deployment and patch rollback operations are managed by the Patch Agent Service that manages all file transfers between GFI LanGuard and remote targets. This service is installed automatically on the remote target computer during the patch deployment process and removes itself afterward.
Ensure that the NetBIOS service is enabled on the remote target computer(s).
To run a Manual Remediation job:
1. Launch the LanGuard console and select the Remediate tab > Remediation Center.
2. From the left panel, expand and locate a computer, group of computers, or a domain to perform remediation actions. You can also select several specific computers by holding down the Ctrl key and click for each computer you want to remediate in the Computer Tree.
3. Choose the desired remediation action and follow the steps from the corresponding Knowledge article in the table below. The available remediation actions are:
Action | Description |
---|---|
Deploy Software Updates | Deploy missing patches discovered when auditing target computers. |
Uninstall Software Updates | Uninstall service packs from target computers. |
Deploy Custom Software | Deploy custom applications and scripts on target computers. |
Uninstall Applications | Uninstall applications from target computers. |
Malware Protection | Perform Malware protection actions on target computers. |
Remote Support via Remote Desktop Connection |
Connect to a target machine and perform administrative tasks using the remote desktop connection:
|
A complete list of Microsoft products for which GFI LanGuard can download and deploy patches is available at LanGuard reports. For Non–Microsoft software update patches supported by GFI LanGuard, check Supported 3rd party Windows Application Updates.
While an infrequent occurrence, patches may be recalled due to newly discovered vulnerabilities or problems caused by installing these updates, such as conflict issues with present software or hardware.
The complete patch management process, from detection to remediation, is supported for most non-Microsoft products. There is, however, a small set of products that GFI LanGuard cannot update and which GFI LanGuard functionality is limited to detecting missing updates. For example, Apache Webserver.
Testing
You are automatically taken to the Remediation Jobs tab, where you can monitor the progress of the remediation operation.