You can now configure the GlobalProtect app to exempt specific security patches from being reported as missing from the endpoint HIP report to prevent the endpoint from failing the HIP check in cases where patch updates happen frequently (for example some companies update their patches multiple times a day with threat updates). When you enable this feature, you can specify specific patches to exclude from the HIP report and the duration for which you want to exclude them. For certain patches, you might want to exclude them from the HIP report permanently if you don’t require them in your environment. For other patches, such as those that get updated frequently by the vendor, you might just want to exclude for a day or less to ensure that end users aren’t getting blocked from accessing the resources they need whenever a patch update happens, but you also want to verify that they’re patching their devices regularly.