Configure HIP Exceptions for Patch Management

Configure the GlobalProtect app to exclude specific patches from the endpoint HIP report, preventing HIP check failures caused by frequent patch updates.
Where Can I Use This?
  • Prisma Access
What Do I Need?
  • GlobalProtect Subscription
  • Prisma Access Mobile Users license (for use with Prisma Access)
  • GlobalProtect app version 6.2 or later for Windows, macOS
  • Content release version 8699-7991 or later
Use the following procedure to configure the GlobalProtect app to exempt specific security patches from being reported as missing in the endpoint HIP report. This prevents the endpoint from failing the HIP check when patch updates happen frequently (for example, some companies update their patches multiple times a day with threat updates).
  1. Define the patches you want to exclude from the HIP report and the date until which to exclude them.
    1. On the firewall that is hosting your GlobalProtect portal, select Network > GlobalProtect > Portals.
    2. Select the portal configuration that you want to modify.
    3. On the Agent tab, select the agent configuration from which to exclude categories, or Add a new one.
    4. Under Exclude Categories, Add a new exclude category.
    5. Select patch-management as the Vendor and then Add the vendor.
    6. Specify the patch name or number <kb-article-id value> and optionally a date <MM/DD/YYYY> until which you want to exclude the patch updates from the HIP report.
      Use the following format:
      Exclude:[kb-article-id1: MM/DD/YYYY], [kb-article-id2: MM/DD/YYYY]
      Where the kb-article value is the number in the attribute, for example <kb-article-id>2267602</kb-article-id>, and MM/DD/YYYY specifies the date up to which the patch is excluded from the HIP report. If you do not set a date, the patch will be excluded from the HIP report indefinitely. If you choose to set a date, the patch will be excluded until the specified date.
      The kb-article-id should be in the same format displayed in the logs, for example:
      Repeat this step for each patch you want to exclude from the HIP report.
      To exclude all patches from a specific vendor, exclude the entire category instead of specifying individual patches.
  2. To save the settings, click OK and then Commit your changes.
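
The exclusion format described above can be checked before it is committed. The following Python sketch is an added example, not Palo Alto Networks code: it parses an exclusion string and flags entries with no date (excluded indefinitely), entries whose date has passed, and dates not in MM/DD/YYYY form. It assumes an undated entry is written as [kb-article-id] and that the exclusion still applies on the date itself; the function name and all sample IDs except 2267602 are constructed.

```python
import re
from datetime import date, datetime

# One bracketed entry: [kb-article-id] or [kb-article-id: MM/DD/YYYY].
# Assumption: an entry without a date omits the colon and date entirely.
ENTRY = re.compile(r"\[\s*([^\]:\s]+)\s*(?::\s*([^\]]*?)\s*)?\]")


def audit_exclusions(value, today):
    """Classify each entry of an 'Exclude:[...], [...]' string.

    Returns (kb_article_id, status, expiry) tuples, where status is
    'indefinite', 'active', 'expired' or 'bad-date'.
    """
    prefix, sep, body = value.partition(":")
    if not sep or prefix.strip() != "Exclude":
        raise ValueError("value must start with 'Exclude:'")
    # Whatever remains after removing well-formed entries and commas is malformed.
    leftover = ENTRY.sub("", body).replace(",", "").strip()
    if leftover:
        raise ValueError(f"unparsed text in exclusion list: {leftover!r}")
    results = []
    for kb_id, raw_date in ENTRY.findall(body):
        if not raw_date:
            # Per the page: no date means the patch is excluded indefinitely.
            results.append((kb_id, "indefinite", None))
            continue
        try:
            expiry = datetime.strptime(raw_date, "%m/%d/%Y").date()
        except ValueError:
            results.append((kb_id, "bad-date", None))
            continue
        # Assumption: the exclusion still applies on the expiry date itself.
        status = "active" if today <= expiry else "expired"
        results.append((kb_id, status, expiry))
    return results


if __name__ == "__main__":
    # Constructed sample; only 2267602 appears on the page.
    sample = ("Exclude:[2267602: 03/31/2025], [5000001], "
              "[5000002: 01/15/2025], [5000003: 2025-04-01]")
    for kb_id, status, expiry in audit_exclusions(sample, date(2025, 2, 1)):
        print(f"{kb_id:<10} {status:<10} {expiry or '-'}")
```

Entries reported as indefinite or expired are the ones to review, since an indefinite exclusion keeps a missing patch out of the HIP report permanently.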
