This article describes the instructions to follow in order to configure the auto-remediation options.
NOTE: Before performing the following instructions, please review the following article: Auto-Remediation Considerations
- Launch GFI LanGuard.
- From the computer tree, right-click a computer/computer group and select Properties.
- Select the Agent Status tab and from the Auto remediation settings, click on Change settings.
- Select the actions to take after receiving the scan results and click on Configure auto-remediation options.
- Configure the Before Deployment options.
- Configure the After Deployment options.
The following table describes the options available from the After Deployment tab:
Option Description Do not reboot/shutdown the computer Leave scan targets turned on after remediating vulnerabilities, even if patches require a reboot to be installed completely. Reboot the target computers only if required GFI LanGuard reboots a target machine only if at least one patch requires a reboot. If no patches require a reboot, a reboot is not executed. Reboot the target computers Always reboots computers after remediating vulnerabilities. Shut down the target computers Target machines shut down after deploying software. Immediately after deployment Reboots/shuts down computers immediately after remediating vulnerabilities. At the next occurrence of Specify the time when the computers reboot/shut down. When between Enables you to specify time and day values. If the remediation job is completed between the specified times (start time and end time), the computers reboot/shut down immediately. Otherwise, the reboot/shut down operation is postponed until the next entry into the specified time interval. Let the user decide Click Preview to view a screenshot of the dialog in the user manual. This dialog opens on the end user's computer after remediating vulnerabilities. Show notification before shut down for Shows a custom message on the end user’s computer for a specified number of minutes before reboot/shut down. Delete copied files from remote computers after deployment
Deletes the downloaded patches/service packs after they are deployed.
Run a patch verification scan after deployment
Verifies deployed patches, scanning target when the deployment process is complete.
- If the user chooses to reboot the computer after the deployment, the Patch Verification Scan occurs after the machine was restarted.
- If the user chooses to shut down the computer after deployment, the computer will be restarted and the Patch Verification Scan will shut down the computer.
Saves your configured settings and uses them during the next remediation job.
You can configure GFI LanGuard to notify and let the user decide when to reboot or shut down the computer after completing an administrative task.
The below dialog opens on the user’s computer and enables them to select one of the following options:
The table below describes the available options:
Option Description Restart now Reboots/shuts down the computer immediately after completing an administrative task. Remind me in Specify a time interval (in minutes), when to remind the end-user. Restart on Specify the date and time when the machine reboots/shuts down. Don’t bother me again The user is not prompted again.
- Configure the Advanced options.
The following table describes the options available from the Advanced tab:
Option Description Number of deployment threads
Specify the maximum number of processing threads allowed to start when deploying software updates. The number of threads determines the number of concurrent deployment operations an agent can handle.
Deployment timeout (seconds)
Specify the time (in seconds) an agent attempts to deploy an update. If the specified time is exceeded, the agent stops the unresponsive deployment and starts a new deployment thread.
This feature enables you to stop the process thread so that if an update is taking longer than normal deployment time, the remediation operation continues without jeopardizing the rest.
Deploy patches under the following administrative account Use a custom administrative account to log and deploy patches on target machines. The account selected must have Log–on as service privilege on the target computers.
- Click on OK to apply the changes.