Multi-Tenant Management — Excluded Patches

Applies To: Endpoint Security Elite This topic applies to Endpoint Security Elite., Endpoint Security 360 This topic applies to Endpoint Security 360., Endpoint Security Prime This topic applies to Endpoint Security Prime., WatchGuard EDR This topic applies to WatchGuard EDR., Endpoint Security Basic This topic applies to Endpoint Security Basic.

To open the multi-tenant management UI for endpoint security, your Service Provider account must have an active Endpoint Security product license in its inventory.

The Status > Excluded Patches list provides quick access to a list of accounts and the patches excluded in the account. As a Service Provider, you can review the client account, details about the excluded patch, as well as its criticality, who excluded the patch, and when the patch was excluded.

To filter the list of accounts with excluded patches, from WatchGuard Cloud:

1. From Account Manager, select a Service Provider account.
   To select your own Service Provider account, select Overview. Or, select a tier-n Service Provider account.
2. Select Monitor > Endpoint Security.
3. On the Status page, select Excluded Patches.
   The Excluded Patches page opens.
4. Click Filters.
5. To refine search results, you can specify these filters:
   • Client — Select the client account that you want to filter the list for.
   • Program — Enter the name of the program.
   • Patch — Enter the name of the patch.
   • Criticality — Select the patch severity from the list.
   • Show non-downloadable patches — Select this option to show patches that are not readily available from the software vendor. Some software vendors allow you to purchase extended support to download patches as they become available. If a patch is non-downloadable, you must contact the software vendor to obtain the patch.
   • CVE — Enter the CVE ID for the vulnerability the patch resolves (for example, CVE-2018-2790).
6. Click Filter.

Unexclude Patches in Accounts

If you want to remove an excluded patch from an account and make it available again for installation, you can unexclude it.

When you exclude a patch, you exclude a specific version of the patch. If the software vendor releases a later version of that patch, it is not automatically excluded.

To unexclude an excluded patch:

1. In the Excluded Patches list, select the managed client accounts that you want to exclude patches for.
2. Click Stop Excluding.

3. Select an option to unexclude the patches for all computers where they are now available and when they are available in the future.
   • Unexclude patch for computers in this account only.
   • Unexclude patch for computers in all accounts.
     This action can be changed later if required.
4. Click Next.
   The patch is removed from the list.
5. To review a list of unexcluded patches, open the Available Patches list.
   For more information, go to Multi-Tenant Management — Available Patches

Exclude Patches List

The list displays information about excluded patches for each account. You can sort the list by the Client column.

The list includes these columns:

Client

The name of the WatchGuard Cloud account with at least one available patch. The account must have the Patch Management module allocated to appear in this list.

Group

The name of the WatchGuard Cloud account group that the account belongs to.

Program

The name of the program with the available patch.

Version

The version of the program with an available patch.

Patch

The name of the patch.

Criticality

Patch severity, as determined by the vendor (for example, Critical, Important, Moderate, Low).

Excluded By

The name of the operator who excluded the patch.

Excluded Since

The date when the operator excluded the patch.

Related Topics

About Multi-Tenant Management in Endpoint Security

Patch Management Best Practices

Install Patches