Creating or Editing a Patch Scan Template

  1. In the button tray at the bottom of the navigation bar, click Patch Scan Templates.

  2. In the Patch Scan Templates pane:

Note: Alternatively, you can choose File > New > Patch Scan Template from the main menu.  

This will display the Patch Scan Template dialog box as shown below.

Tip:  To speed the template creation process, copy an existing template that is similar to the one you want to create. The contents of the copied template will be populated in the new Patch Scan Template dialog and you can simply modify the appropriate items. You copy an existing template by selecting it in the Patch Scan Templates pane and then, in the summary section of the template in the right-hand pane, clicking Copy.

[Figure: Patch Scan Template dialog, Filtering tab]

The Patch Scanning Template dialog contains several tabs that collectively define the characteristics of a particular scan template.

 

Name

The name that you wish to assign to this scan template.

Description

A description of the template.

Deploy missing patches using

If you want to automatically deploy any patches that are found to be missing, enable this check box. You must select the deployment template you want to use when deploying the patches.

Filtering tab

There are four different filters available on this tab.

Note: Be careful when using the Skip Selected filter option. If you skip a patch that supersedes another patch, the program will now scan for the superseded patch. This is done on purpose to avoid any unintentional vulnerabilities. If the intended consequence of skipping a patch is to not automatically deploy it or the related patches, then all the patches in the chain of superseded patches must also be skipped.

  • Product filter: Scan for or skip patches for the selected products. If you do not wish to use this particular filter, specify Scan All.

Scan only for MBSA legacy products: If you want to scan only those legacy Microsoft products no longer supported by Microsoft Baseline Security Analyzer (MBSA) 2.x, enable this check box. See What is the Limited Program for more details about this product set. Enabling this check box disables all other product filter options.

  • Patch filter: Either scan for or skip the patches listed in the specified text file and/or patch groups. If you do not wish to use this particular filter, specify Scan All.

  • Patch Type filter: Specify the types of patches you will scan for or skip. The options are:

      • Custom Actions: Enables you to perform custom actions even if you are already fully patched. It does this by scanning for a specific QNumber and patch (QSK2745, MSST-001) that will never be found. The process uses the temporary file Nullpatch.exe.

      • Non-security Patches: The set of patches supported by Microsoft Software Update Services (driver updates not supported). These patches are released on a weekly basis.

      • Security Patches: Security bulletin related patches.

      • Security Tools: Patches for the malware tool provided by Microsoft.

  • Criticality filter: The user-assigned criticality level (Ignore, Low, Medium, High, Critical) that the scanner should either skip or include (at or below the specified level). If you do not wish to use this particular filter, specify Scan All.

Note: If you use multiple filters, the order of precedence is as follows:

1) Product filter: This filter takes precedence over all other filters. If you elect to scan or skip one or more specific products, those products will be scanned or skipped regardless of how the other filters are configured.

2) Skip Selected: Any patches that are specified as Skip Selected on any of the three remaining filters (Patch filter, Patch Type filter, and/or Criticality filter) will be excluded from the scan. (But see the note above about superseded patches.)

3) Scan Selected: If any patches are specified as Scan Selected on any of the three remaining filters (Patch filter, Patch Type filter, and/or Criticality filter), then only those patches will be included in the scan.
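
Added example (not part of the product documentation and not NetChk Protect code): a simplified Python model of the Skip Selected caveat described in the note on superseded patches, showing how skipping only the newest patch causes the scan to fall back to the one it supersedes, and how to list the rest of the chain that must also be skipped. The patch IDs, the supersedence links, and the assumption that each patch supersedes at most one other patch are constructed for illustration.

```python
# Simplified model of the Skip Selected caveat; not NetChk Protect code.
# Patch IDs and supersedence links are constructed sample data.

# patch id -> id of the patch it directly supersedes (None = oldest in chain)
SUPERSEDES = {
    "P-300": "P-200",
    "P-200": "P-100",
    "P-100": None,
    "P-400": None,
}

def chain(patch_id, supersedes=SUPERSEDES):
    """patch_id followed by every older patch it transitively supersedes."""
    out = []
    while patch_id is not None and patch_id not in out:  # guard against loops
        out.append(patch_id)
        patch_id = supersedes.get(patch_id)
    return out

def scanned_for(skip_selected, supersedes=SUPERSEDES):
    """Patches the scan looks for: newest non-skipped patch in each chain."""
    superseded = {old for old in supersedes.values() if old}
    heads = sorted(p for p in supersedes if p not in superseded)
    result = []
    for head in heads:
        for pid in chain(head, supersedes):
            if pid not in skip_selected:
                result.append(pid)  # scan falls back to this patch
                break
    return result

def incomplete_skips(skip_selected, supersedes=SUPERSEDES):
    """Map each skipped patch to the older patches in its chain left unskipped."""
    gaps = {}
    for pid in sorted(skip_selected):
        missing = [p for p in chain(pid, supersedes)[1:] if p not in skip_selected]
        if missing:
            gaps[pid] = missing
    return gaps

if __name__ == "__main__":
    print(scanned_for({"P-300"}))       # superseded patch is scanned instead
    print(incomplete_skips({"P-300"}))  # what else must be skipped
```

Running `incomplete_skips` over a planned skip list before saving the template shows which older patches would still be scanned for, and therefore could still be deployed automatically.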
 

General tab

  • Scan For: During the scanning process, you can choose to scan for just missing patches or for both missing and installed patches.  When scanning for both missing and installed patches, you can include effectively installed patches in the results.  These are patches that supersede other patches.  See effectively installed patches and Determining Patch Supersedence for more information.

Note: The following options apply only to the console, not to agents that may also be using this template.

  • Simultaneous machines scanned: Specify whether you want to simultaneously scan a few machines or many machines. NetChk Protect can scan up to 256 machines at a time. The more machines you scan at the same time, the more network resources are required. Reduce this number if you are scanning over a slow link.

  • View Notes: If enabled, you can view any notes that are generated during the scanning process.

  • XML File Location: Enables you to specify whether you want to use the default XML data file or a different XML data file. The specified data file will be downloaded during the scanning process. This file contains the patch information and characteristics that define whether a patch has been installed on your system.

    If you want to use a different XML data file you must specify where it is located. The XML data file can be located anywhere accessible by the program and can be specified using a UNC location or an HTTP path. To select a location, click the navigation button to the right of the text box.

  • MBSA Output File Name: Specifies the base file name that will be used for the file containing MBSA-compatible output. The machine name and the date/time stamp of the scan will be appended to the base name. The full file name will therefore be: YOURNAME-domain-computer(date time).xml. The file will reside in the directory specified in the MBSA XML output directory box.

    This option only applies if you are a NetChk Limited user, or if the Generate MBSA-formatted output for patch scan results check box is enabled as a program option. See Scan Options for more information.

 

Software Distribution tab

This tab enables you to specify whether you want to scan for free third-party products that can be deployed by NetChk Protect. Use the vertical scroll bar to view the complete list of third-party products supported by NetChk Protect.

The products that will be displayed are those that are available for the operating system being used on the scanned machine. If you want to include or skip reporting on a particular product, create a patch group that contains the desired product and then reference the patch group in the Patch filter settings area of the Filtering tab.

E-Mail tab

This tab enables you to specify which reports should be automatically sent and to whom the reports should get sent. The specified reports will be sent when a scan using this template is completed.

There are many different reports that can get sent. To understand what a particular report contains, click on the report in the list and view its description immediately above the list.

To specify which reports should be automatically sent and to whom they should be sent:

Note:  New templates must be saved before you can perform these steps.

  1. Select a report in the Reports list.

  2. In the Report Recipients list, select the groups and/or individuals you want to e-mail the report to.

  3. Repeat Step 1 and Step 2 for each report you want to be automatically sent.

  4. When finished, click Save.

 

Used by tab

This tab shows you the Favorites and agent policies that are currently using this scan template. This is important to know if you are considering modifying the template, as it tells you what other areas of the program are affected.

 

To save the template, click Save and then Close. To close the dialog without saving the changes, click Cancel and then Close.