![[Contents]](FIGURE/CONTENT.GIF)
![[Glossary]](FIGURE/GLOSS.GIF)
![[Index]](FIGURE/INDEX.GIF)
![[Back]](FIGURE/FRONT.GIF)
![[Next]](FIGURE/AFTER.GIF)
Job Management Partner 1/Client Security Control Description, User's Guide and Operator's Guide
This subsection describes the procedures for updating the judgment policies relating to security updates without using the Edit Judgment Policy (Judgments for security updates) window.
By running the judgment policy update command for security updates (cscpatchupdate), you can automatically update patch information for judgment policies relating to security updates by using the patch information files collected by Job Management Partner 1/Software Distribution.
For details about the judgment policy update command for security updates (cscpatchupdate), see cscpatchupdate (updates patch information for judgment policies relating to security updates) in 15. Commands.
- Organization of this subsection
- (1) Types of patch included in automatic update
- (2) Using Scheduled Tasks to automatically update judgment policies for security updates
(1) Types of patch included in automatic update
The judgment policy update command for security updates can update patch information for the programs listed in the table below. Note that automatic update of patch information applies to the OSs or service packs supported by Microsoft.
Table 6-7 Programs for which automatic update of patches is supported
Program Type or version Windows Windows 7 Windows Server 2008 Windows Vista Windows Server 2003 Windows XP Windows 2000 Microsoft Internet Explorer 6.0, 7.0, 8.0, 9.0 Of the patches provided for these programs, automatic update applies to the following classes of patch:
- Critical updates
- Security updates
- Security rollups
- Note
- The result of security level judgment may be Unknown if patch information meets any of the conditions listed below. If this occurs, review the relevant patch information from the Edit Judgment Policy (Judgments for security updates) window.
- The patch information is specific to a 32 bit (x86) or 64 bit (x64) version of Windows (for example Windows Server 2003 (x64)).
- The patch information is specific to a particular edition of the operating system (for example Windows Server 2003, Enterprise Edition).
- The patch information has already been applied by way of a cumulative security update or other means.
- The patch information depends on the status of a particular Windows service or component.
(2) Using Scheduled Tasks to automatically update judgment policies for security updates
To periodically update the judgment policy for security updates, we recommend that you register the judgment policy update command for security updates in Windows Scheduled Tasks.
To automatically update judgment policies for security updates using Windows Scheduled Tasks:
- In JP1/Software Distribution Manager, configure the network for acquiring patch information files.
For information about setting up JP1/Software Distribution Manager to acquire patch information files, see 5.2.2(6) Setting up for acquiring patch information files and the manual Job Management Partner 1/Software Distribution Administrator's Guide Volume 1, for Windows Systems.
- Create a patch update condition file as required.
Use the judgment policy update command for security updates (cscpatchupdate) to create a patch update condition file containing updated patch information.
For details about patch update condition files, see 16.11 Patch update condition file.
- Define the judgment policy update command for security updates as a task in Scheduled Tasks.
Set up periodic execution of the judgment policy update command for security updates (cscpatchupdate) by defining it as a task in Windows Scheduled Tasks. For details about how to register commands in Scheduled Tasks, see 5.9 Procedures for setting a task in Scheduled Tasks.
- Acquire the latest patch information file.
Using JP1/Software Distribution, acquire the latest patch information file. You must do so before executing the judgment policy update command for security updates (cscpatchupdate).
For details about how to acquire patch information files, see the manual Job Management Partner 1/Software Distribution Administrator's Guide Volume 1, for Windows Systems.
- Execute the judgment policy update command for security updates as a scheduled task.
The judgment policy for security updates is updated based on the contents of the patch information file and the patch update condition file. You can then use the Policy Management window of JP1/Client Security Control - Manager to check whether the judgment policy has been updated.
All Rights Reserved. Copyright (C) 2009, 2011, Hitachi, Ltd.
Copyright, patent, trademark, and other intellectual property rights related to the "TMEng.dll" file are owned exclusively by Trend Micro Incorporated