Job Management Partner 1/Client Security Control Description, User's Guide and Operator's Guide

6.3.2 Performing judgment by a specified security update

This subsection explains all of the procedures for performing judgment when Specify security updates is specified for Judgment condition. Note that you can use the tabs to specify a patch or service pack, when a security update is specified.

To specify a security update:

Select the Make this a judgment target check box.
The items in the Edit Judgment Policy (Judgments for security updates) window are activated.

Select Specify security updates from Judgment condition.
Select Specify security updates from the Judgment condition pull-down menu.

Click the Definition button.
The Definition of Mandatory Security Updates dialog box is displayed.

In the Definition of Mandatory Security Updates dialog box, define the patch or service pack.
In the Definition of Mandatory Security Updates dialog box, there are two tabs: the Patch tab and the Service Pack tab. Select one to define information.

In the Definition of Mandatory Security Updates dialog box, click the OK button.
The Edit Judgment Policy (Judgments for security updates) window is displayed again.

In the Edit Judgment Policy (Judgments for security updates) window, click the Save button.
The set contents are saved as a judgment policy.

The following table lists the names of the dialog boxes and message boxes displayed when the corresponding buttons are clicked in the Definition of Mandatory Security Updates dialog box.

Table 6-4 Names of the dialog boxes and message boxes displayed from the Definition of Mandatory Security Updates dialog box

No. Tab name Button Dialog box name or message box name

1 Patch Add Add (patch information) dialog box

2 Change Update (patch information) dialog box

3 Delete Delete (patch information) message box

4 Import Import (patch information) dialog box

5 Export Export (patch information) dialog box

6 Service Pack Add Add (service pack information) dialog box

7 Change Update (service pack information) dialog box

8 Delete Delete (service pack information) message box

9 Import Import (service pack information) dialog box

10 Export Export (service pack information) dialog box

The following explains the edit operations for each page.

Organization of this subsection

(1) Defining patch information

(2) Defining service pack information

No.	Tab name	Button	Dialog box name or message box name
1	Patch	Add	Add (patch information) dialog box
2	Change	Update (patch information) dialog box
3	Delete	Delete (patch information) message box
4	Import	Import (patch information) dialog box
5	Export	Export (patch information) dialog box
6	Service Pack	Add	Add (service pack information) dialog box
7	Change	Update (service pack information) dialog box
8	Delete	Delete (service pack information) message box
9	Import	Import (service pack information) dialog box
10	Export	Export (service pack information) dialog box

(1) Defining patch information

To define patch information:

In the Definition of Mandatory Security Updates dialog box, select the Patch tab.

In the Patch page, define patch information.
You can add, change, and delete information about patches that must be applied to the client, in the Patch page. You can also import or export patch information as a CSV file.
Edit the information in the dialog boxes displayed by clicking the corresponding buttons.

When editing operations are complete, in the Definition of Mandatory Security Updates dialog box, click the OK button.
The Definition of Mandatory Security Updates dialog box closes, and the Edit Judgment Policy (Judgments for security updates) window is displayed again.

Reference note

When JP1/Client Security Control - Manager is upgraded from version 08-00 or earlier, the update number, article ID number, security level, and OS settings are also inherited without change. Note, however, that the comparison condition becomes blank.
 
Reference note

You can specify Unknown, Security level set for the judgment policy, and Safe for the judgment result that is used when one of the following conditions is satisfied:

Patch information is defined with Specify security updates specified for Judgment condition in the Edit Judgment Policy (Judgments for security updates) window.

The patch information specified in Installed software information is not found.

The client is linked to MBSA or WUA.

The specified patch information is not found in the security update information that has not been applied to the client (unapplied patch information).

You can set the judgment result in Customize judgment results (security updates) on the Basic Settings page of the Client Security Control - Manager Setup dialog box. For details about setting the judgment result, see 5.4.3 Setting up JP1/CSC - Manager.

The following explains how to add, change, delete, import, and export patch information.

(a) Adding patch information

To add patch information:

In the Definition of Mandatory Security Updates dialog box, click the Add button.
The Add (patch information) dialog box is displayed.

Enter the update number and article ID number.
Enter both the update number and article ID number for the patch information to be added.

Update number

Check the Web page for Microsoft security information, and enter the update number to be added. Make sure that you do not enter the prefix MS.

Article ID number

Check the Web page for Microsoft security information, and enter the article ID number to be added. Make sure that you do not enter the prefix, such as KB or Q.

Note

Enter the update number and article ID number as published by Microsoft. If the security update you specify in a judgment policy does not have an update number, enter the article ID number of the security update in the text box used for the update number.

Enter the information in Object.
Enter information about the target OS and target product for the patch information to be added. The following table lists the target setting items.

Table 6-5 Target setting items (when adding information)

No. Window item name Description Default

1 OS Select an OS from the pull-down menu. All OSs

2 OS service pack Select an OS service pack from the pull-down menu.

No specification
It is determined that no service packs have been applied.

All
All service packs are judged no matter whether a service pack is applied.

This item cannot be selected when All OSs is specified for OS in No. 1. No specification

3 Product name^# Select a product name from the combo box or enter a character string.

When selecting from the combo box:
Select a product name from the combo box.
You can select No specification, Microsoft Internet Explorer, or a product name registered in the product name definition file.

When entering a product name:
Use a character string of no more than 255 bytes to specify a product name.

No specification

4 Comparison condition If a product name other than No specification or Microsoft Internet Explorer is selected for Product name, select a comparison condition from the pull-down menu.
You can select Match all the words or Match the beginning of the words. Match all the words

5 Product version Enter the product version number. Versions are judged by forward matching. None (No default is provided.)

6 Product service pack If Microsoft Internet Explorer is selected for Product name, select the product service pack from the pull-down menu.
This item is disabled when a product name other than Microsoft Internet Explorer is selected. No specification

#

When defining IE patch information, be sure to select Microsoft Internet Explorer for Product name.

When you enter a product name, specify a software name registered as asset information in AIM.

The combo box of product names contains the product names that have been registered in the product name definition file by the administrator. However, if a product name is entered in step 3, that product name is automatically registered in the product name definition file and will be added to the combo box of product names next time it is displayed. If the product name definition file does not exist, the file is created automatically. For details about the product name definition file, see 16.4 Product name definition file.

Select the security level.
Select a security level from the pull-down menu. The default is Warning.

Click the Add button.
The set information is added to the patch list in the Add (patch information) dialog box. If there are multiple target OSs and target products for the patch information to be added, add them as necessary.

Click the OK button.
The Add (patch information) dialog box closes, and the Definition of Mandatory Security Updates dialog box is displayed again. The entered patch information is added.

(b) Changing patch information

To change patch information:

In the Definition of Mandatory Security Updates dialog box, select the patch information to be changed, and click the Change button. Alternatively, double-click the patch information you want to change.
The Update (patch information) dialog box is displayed.
Note that the Change button is disabled if you select multiple patches.

Check or change the update number and article ID number.
Check the update number and article ID number displayed for the patch information to be changed. Enter both the update number and article ID number to change the patch information.

Update number

Enter the update number to be updated. Make sure that you do not enter the prefix MS.

Article ID number

Enter the article ID number to be updated. Make sure that you do not enter the prefix, such as KB or Q.

Note

Enter the update number and article ID number as published by Microsoft. If the security update you specify in a judgment policy does not have an update number, enter the article ID number of the security update in the text box used for the update number.

Enter the information in Object.

Select the security level.
Select a security level from the pull-down menu.

Click the OK button.
The Update (patch information) dialog box closes, and the Definition of Mandatory Security Updates dialog box is displayed again. The patch information is updated to reflect the entered contents.

(c) Deleting patch information

To delete patch information in the Definition of Mandatory Security Updates dialog box:

In the Definition of Mandatory Security Updates dialog box, click to select the patch information you want to delete.

Click the Delete button.
The Delete (patch information) message box is displayed.

Check the message, and click the OK button.
The Delete (patch information) message box closes, and the Definition of Mandatory Security Updates dialog box is displayed again. The selected patch information is deleted.

(d) Importing patch information

For a significant amount of patch information, an administrator can create a definition file for mandatory security updates in CSV format, and import the file.

The client security control system provides a sample of a definition file for mandatory security updates. The administrator can customize the sample file to create a definition file based on the security objectives and then import it. For details about the sample of this definition file, see A.4(2) Sample of a definition file for mandatory security updates.

For details about the format of the definition file for mandatory security updates, see 16.2.4 Definition file for mandatory security updates.

To import patch information:

In the Definition of Mandatory Security Updates dialog box, click the Import button.
The Import (patch information) dialog box is displayed.

Specify Look in.
Specify the location of the definition file for mandatory security updates to be imported.

Specify the name of the definition file for mandatory security updates, and then click the Open button.
The specified file is read, and the Definition of Mandatory Security Updates dialog box is displayed again.
If the specified file does not contain information for the mandatory security updates (the file is empty), an error message appears and the import is canceled.

(e) Exporting patch information

Patch information can be exported to a CSV file.

To export patch information:

In the Definition of Mandatory Security Updates dialog box, click the Export button.
The Export (patch information) dialog box is displayed.
Note that the Export button is disabled when no definition has been registered in the Definition of Mandatory Security Updates dialog box.

Specify Save in.
Specify the location in which to save the exported file.

Specify the name of the CSV file to be exported for the file name, and click the Save button.
The specified file is saved, and the Definition of Mandatory Security Updates dialog box is displayed again.

No.	Window item name	Description	Default
1	OS	Select an OS from the pull-down menu.	All OSs
2	OS service pack	Select an OS service pack from the pull-down menu. No specification It is determined that no service packs have been applied. All All service packs are judged no matter whether a service pack is applied. This item cannot be selected when All OSs is specified for OS in No. 1.	No specification
3	Product name^#	Select a product name from the combo box or enter a character string. When selecting from the combo box: Select a product name from the combo box. You can select No specification, Microsoft Internet Explorer, or a product name registered in the product name definition file. When entering a product name: Use a character string of no more than 255 bytes to specify a product name.	No specification
4	Comparison condition	If a product name other than No specification or Microsoft Internet Explorer is selected for Product name, select a comparison condition from the pull-down menu. You can select Match all the words or Match the beginning of the words.	Match all the words
5	Product version	Enter the product version number. Versions are judged by forward matching.	None (No default is provided.)
6	Product service pack	If Microsoft Internet Explorer is selected for Product name, select the product service pack from the pull-down menu. This item is disabled when a product name other than Microsoft Internet Explorer is selected.	No specification

(2) Defining service pack information

For details about the OSs and products that can be defined in the Service Pack tab, see 16.2.2 List of setting values.

To define service pack information:

In the Definition of Mandatory Security Updates dialog box, select the Service Pack tab.

In the Service Pack page, define the service pack.
You can add, change, and delete information about service packs that must be applied to the client, in the Service Pack page. You can also import or export service pack information as a CSV file.
Edit the information in the dialog boxes displayed by clicking the corresponding buttons.

When editing operations are complete, in the Definition of Mandatory Security Updates dialog box, click the OK button.
The Definition of Mandatory Security Updates dialog box closes, and the Edit Judgment Policy (Judgments for security updates) window is displayed again.

Note

The OS and product name you define in the service pack information must be names registered as asset information in AIM.

The following explains how to add, change, delete, import, and export service pack information.

(a) Adding service pack information

To add service pack information:

In the Definition of Mandatory Security Updates dialog box, click the Add button.
The Add (service pack information) dialog box is displayed.

Use the radio buttons to select either OS or Product.
Select either an OS service pack or a product service pack.

Enter information for either OS service pack or Product service pack.
The set information differs between OSs and products. The following table describes the setting items.

Table 6-6 Setting Items for the Add (service pack information) dialog box

No. OS or product Window item name Description Default

1 OS OS Select an OS from the pull-down menu. Windows NT Workstation

2 Service pack Select an OS service pack from the pull-down menu. Service Pack 1

3 Select Match or or later from the pull-down menu. Match

4 Product Product name Select a product name from the pull-down menu. Microsoft Internet Explorer

5 Product version Enter the product version. None (No default is provided.)

6 Service pack Select the product service pack from the pull-down menu. Service Pack 1

7 Select Match or or later from the pull-down menu. Match

8 OS specification^# OS Select an OS from the pull-down menu. All OSs

9 Service pack Select an OS service pack from the pull-down menu.

No specification
It is determined that no service packs have been applied.

All
All service packs are judged no matter whether a service pack is applied.

No specification

#

Specify the prerequisite OS and service pack for the product.

Specify the security level.
Select a security level from the pull-down menu. The default is Warning.

Click the OK button.
The Add (service pack information) dialog box closes, and the Definition of Mandatory Security Updates dialog box is displayed again. The entered service pack information is added.

(b) Changing service pack information

To change service pack information:

In the Definition of Mandatory Security Updates dialog box, click to select the service pack information you want to change, and then click the Change button. Alternatively, double-click the service pack information you want to change.
The Update (service pack information) dialog box is displayed.
Note that the Change button is disabled if you select more than one item of service pack information.

Use the radio buttons to select either OS or Product.
Select either an OS service pack or a product service pack.

Change the information for either OS service pack or Product service pack.

Change the security level.
Select from the pull-down menu to change the security level.

Click the OK button.
The Update (service pack information) dialog box closes, and the Definition of Mandatory Security Updates dialog box is displayed again. The service pack information is changed to reflect the entered contents

(c) Deleting service pack information

To delete service pack information:

In the Definition of Mandatory Security Updates dialog box, click to select the service pack information you want to delete.
You can select more than one item of service pack information.

Click the Delete button.
The Delete (service pack information) message box is displayed.

Check the message, and click the OK button.
The Delete (service pack information) message box closes, and the Definition of Mandatory Security Updates dialog box is displayed again. The selected service pack information is deleted.

(d) Importing service pack information

For a significant amount of service pack information, an administrator can create a definition file for mandatory service packs in CSV format, and import the file.

The client security control system provides a sample of a definition file for mandatory service packs. The administrator can customize the sample file to create a definition file based on the security objectives and then import it. For details about the sample of this definition file, see A.4(3) Sample of a definition file for mandatory service packs.

For details about the format of the definition file for mandatory service packs, see 16.2.5 Definition file for mandatory service packs.

To import service pack information:

In the Definition of Mandatory Security Updates dialog box, click the Import button.
The Import (service pack information) dialog box is displayed.

Specify Look in.
Specify the location of the definition file for mandatory service packs to be imported.

Specify the name of the definition file for mandatory service packs, and then click the Open button.
The specified file is read, and the Definition of Mandatory Security Updates dialog box is displayed again.
If the specified file does not contain information for the mandatory service packs (the file is empty), an error message appears and the import is canceled.

(e) Exporting service pack information

Service pack information can be exported to a CSV file. In the Definition of Mandatory Security Updates dialog box, click the Export button to display the Export (service pack information) dialog box. Use this dialog box to output service pack information in CSV format.

To export service pack information:

In the Definition of Mandatory Security Updates dialog box, click the Export button.
The Export (service pack information) dialog box is displayed.
Note that the Export button is disabled when no definition has been registered in the Definition of Mandatory Security Updates dialog box.

Specify Save in.
Specify the location in which to save the exported file.

Specify the name of the CSV file to be exported for the file name, and click the Save button.
The specified file is saved, and the Definition of Mandatory Security Updates dialog box is displayed again.

No.	OS or product	Window item name	Description	Default
1	OS	OS	Select an OS from the pull-down menu.	Windows NT Workstation
2	Service pack	Select an OS service pack from the pull-down menu.	Service Pack 1
3	Select Match or or later from the pull-down menu.	Match
4	Product	Product name	Select a product name from the pull-down menu.	Microsoft Internet Explorer
5	Product version	Enter the product version.	None (No default is provided.)
6	Service pack	Select the product service pack from the pull-down menu.	Service Pack 1
7	Select Match or or later from the pull-down menu.	Match
8	OS specification^#	OS	Select an OS from the pull-down menu.	All OSs
9	Service pack	Select an OS service pack from the pull-down menu. No specification It is determined that no service packs have been applied. All All service packs are judged no matter whether a service pack is applied.	No specification

[Contents][Back][Next]

[Trademarks]

All Rights Reserved. Copyright (C) 2009, 2011, Hitachi, Ltd.
Copyright, patent, trademark, and other intellectual property rights related to the "TMEng.dll" file are owned exclusively by Trend Micro Incorporated