Home » Features » <a href="/vulnerability-management/features.html">Features</a> » How to Perform Vulnerability Assessment and Patch Remediation in the Same Console

How to Perform Vulnerability Assessment and Patch Remediation in the Same Console

Key Points
Introduction: Explains why combining vulnerability assessment and patch remediation in the same console removes delays and improves security workflows.
How Vulnerability Manager Plus integrates assessment and remediation: Shows how VMP identifies vulnerabilities and enables corresponding remediation from the same interface.
Quick Setup: Provides step by step console navigation to configure continuous vulnerability scanning and prepare the system for patch remediation.

Introduction

When organizations rely on separate tools for vulnerability assessment and patch remediation, delays arise between detection and resolution. Vulnerability Manager Plus eliminates this gap by performing both assessment and patch deployment workflows within a single console. A proper initial setup ensures that vulnerabilities are detected continuously and remediated efficiently.

Close security gaps before they’re exploited!

Secure your devices

How Vulnerability Manager Plus integrates assessment and remediation

Vulnerability Manager Plus combines continuous vulnerability assessment with integrated patch deployment, allowing users to detect issues, prioritize opportunities for remediation, and deploy updates from the same interface.

Vulnerability assessment

After agents are installed and patch scanning is enabled, VMP scans endpoints for missing patches, CVEs, zero day issues, and misconfigurations. These unified scans run automatically during events such as database updates, patch installation, reboots, and agent onboarding, ensuring vulnerability data remains accurate.

Patch remediation

From vulnerability views, users can deploy patches directly to affected endpoints, apply workarounds if patches are unavailable, and automate routine patching tasks. This direct remediation ensures that detected vulnerabilities can be resolved without leaving the product.

Quick Setup

Follow these steps to configure your console so that vulnerability assessment and patch remediation operate seamlessly together.

Step 1: Configure vulnerability database synchronization

  1. Navigate to AdminPatch SettingsPatch Database Settings.
  2. Select the patch categories and applications to include in assessments.
  3. Enable scheduled vulnerability database sync and configure update frequency.
  4. Save the settings. After each sync, VMP triggers automatic patch and vulnerability scans during agent refresh.

For more details, refer Vulnerability Scanning.

Step 2: Install agents and enable patch scanning

  1. Navigate to AdminAgent Settings.
  2. Enable Perform Patch Scanning for all newly installed agents.
  3. Deploy agents across all endpoints. Once installed, devices automatically participate in vulnerability scans and remediation workflows.

Step 3: Confirm patch and vulnerability scans

  1. Go to Systems > Scan Systems.
  2. Verify that endpoints display recent scan timestamps.
  3. Select devices and choose Scan Now if immediate assessment data is required before deploying patches.
  4. Compare insights from both report types to verify that remediation activities are progressing as planned and to refine remediation schedules or priorities.

Step 4: Automatic unified scanning

VMP automatically performs unified patch and vulnerability scans whenever:

  • A vulnerability database sync completes
  • Patches are installed
  • Reboots occur after deployment
  • A newly installed agent communicates with the server

This ensures you always have current data before applying patches.

Step 5: Create a Deployment Policy

A Deployment Policy controls how patches are deployed to endpoints. It defines installation behavior, reboot rules, deployment windows, and user notifications. This policy can later be attached to both manual deployments and Automated Patch Deployment tasks.

  1. Navigate to DeploymentDeployment Policies.
  2. Select the option Create Policy.
  3. Define the deployment window, configuring when patches are allowed to install on target systems.
  4. Configure Pre-deployment Activities and Post-deployment Activities as per requirement.
  5. Set user notifications, if applicable, to inform end users about upcoming patch installations or restarts.
  6. Review all selected settings and save the deployment policy.

Step 6: Configure Automated Patch Deployment (APD)

Automated Patch Deployment allows VMP to automatically identify and deploy approved patches based on the settings you choose.

  1. Navigate to DeploymentAutomate Patch Deployment.
  2. Select the option to create a new Automated Patch Deployment task.
  3. Choose target groups or systems.
  4. Select patch types and classifications that should be deployed.
  5. Configure deployment frequency, installation windows, and reboot preferences.
  6. Save the policy. VMP will now deploy approved patches automatically and rescan devices to validate remediation.

Once created, APD automatically deploys approved patches at the configured intervals and then rescans devices to update vulnerability status in the same console.

Step 7: Configure reporting to support assessment and remediation

  1. Navigate to ReportsScheduled Reports.
  2. Configure recurring reports summarizing missing patches and vulnerabilities.
  3. Use Executive Reports and Predefined Reports to monitor exposure levels and remediation progress.

Start your 30-day free trial and protect unlimited endpoints with end to end vulnerability scanning, prioritization, and mitigation.