CVE and Patch Cleanup
CVE Cleanup
The CVE Cleanup setting is applicable to both, the CVE data and the CVE trend data.
Using this setting you can specify the number of years after which the CVE data (unmodified CVEs) and the historical trend data stored for the CVEs are deleted from ZENworks.
By default, the value is configured as 5 years. Hence, CVEs that have not been modified for 5 years, along with the historical CVE trend data of 5 years are deleted from ZENworks.
To delete the CVE data and the CVE trend data sooner or later than the default 5 years, you can specify the required value in the Delete CVE data after field.
The CVE Cleanup will be performed during the next subscription run.
NOTE:The CVE trend data is stored for a maximum of 10 years and it is calculated from the time when Vertica was configured in the zone. Hence, if you specify the CVE Cleanup as a value above 10, for example, 14 years, the unmodified CVEs will be deleted after 14 years, but the historical trend data will be deleted after 10 years.
Disabled Patch Cleanup
Using this section, you can specify when the data and content along with the historical trend data for a disabled patch are deleted from ZENworks. This setting includes the following options:
-
Delete disabled patch content after: Specify when to delete the content files, such as the cached bundles for disabled patches.
IMPORTANT:Applicable bundles are not deleted until the next subscription update.
To see if a patch has dependencies on a deployed bundle from a patch policy or remediation, reference the services-messages log, which shows the patches that cannot be automatically or manually deleted because of dependencies. The location of the log is provided below:
-
Linux: /var/opt/novell/log/zenworks/services-messages.log
-
Windows: %ZENWORKS_HOME%\logs\services-messages.log
-
-
Delete disabled patch data after: Specify when to delete the patch data, which includes information about the number of patched and not patched devices and also includes the historical trend data. Retaining this data for as long as you retain the CVE data will ensure that the CVE Tracker and other functionalities that display the data continue to display accurate information.
NOTE:The Patch trend data is stored for a maximum of 10 years. Hence, if you specify the Delete disabled patch data after as a value above 10, for example, 14 years, the disabled patches will be deleted after 14 years, but the historical trend data will be deleted after 10 years. The disabled patch cleanup will be performed during the next subscription run.
Superseded Patches Disablement
Using this setting you can delay the disabling of superseded patches. This setting includes the following options:
-
Delay the disabling of superseded patches for: Specify for how long you want to delay the disabling of superseded patches. The options include 30, 60 and 90 days. This setting is NOT recommended as postponing patch updates that are superseded increases the risk to your environment.
-
Do not disable superseded patches that are included in a policy: Select this option to indefinitely postpone the disabling of patches that are included in a policy.
It is recommended that customers disable patches that they no longer require, because this minimizes the volume of patch scan data stored each day, as well as the time taken to scan each of the endpoint devices.
NOTE:Both configuration options are not retroactive. If you apply the policy settings after a superseded patch is disabled, you must re-enable the patch manually for the newly configured settings to apply.
Patches Disablement
Using this setting you can configure the system to only have applicable patches available for selection while creating patch policies. Content is disabled within the system based on the selected criteria. These options are useful to filter out obsolete content and enhance performance. All options are selected by default.
For trademark and copyright information, see Legal Notice.