KACE Systems Management Appliance 13.0 Common Documents - Administrator Guide

Configure OVAL Settings

Understanding OVAL tests and definitions

OVAL definitions contain the information required to perform OVAL tests. This information can include checks for registry entries, file versions, and WMI (Windows Management Instrumentation) data.

OVAL test definitions pass through a series of phases before being released. Depending on where a definition is in this process, it is assigned one of the following status values:

Other possible status values include:

For more information about the stages of OVAL definitions, go to http://cve.mitre.org.

When OVAL tests are enabled, all available OVAL tests run on the target devices.

OVAL test details do not indicate the severity of the vulnerability. Use your own judgment to determine whether to test your network for the presence of a particular vulnerability.

View OVAL tests and definitions

You can view OVAL tests and definitions in the Administrator Console.

The table at the bottom of the OVAL Tests: Definition page displays the list of devices in your network that contain the vulnerability. For convenience, a printer-friendly version of this data is available.

Running OVAL tests

The appliance runs OVAL tests automatically based on the schedule specified in OVAL Settings.

It takes approximately one hour to run OVAL tests. In addition, OVAL Tests consume a large amount of memory and CPU resources, which might affect the performance of target devices. To minimize the disruption to users, run OVAL tests weekly or monthly and during hours when users are least likely to be inconvenienced.

In addition, you can run OVAL tests manually by logging in to the device as Administrator and running debug.bat. This file is usually located in the program data directory. For example: C:\ProgramData\Quest\KACE\kbots_cache\packages\kbots\9

Using labels to restrict OVAL tests

If you are running OVAL tests periodically or if you want to obtain the OVAL test results for only a few devices, you can assign a label to those devices. You can then use the Run Now function to run OVAL tests on those devices only.

For more information about using labels, see About labels.

Understanding OVAL updates

The appliance checks for new OVAL definitions every night, but you should expect new definitions every month. If OVAL tests are enabled, the appliance downloads new OVAL definitions to all managed devices during the next scripting update whenever a new package becomes available, regardless of the OVAL schedule settings.

The OVAL update ZIP file can be more than 30 MB in size — large enough to impact the performance of devices with slow connections. The ZIP file includes both 32- and 64-bit versions of the OVAL Interpreter and uses the correct version for the device. The OVAL Interpreter requires Microsoft .NET Framework and supports both the full (“Extended”) and Client Profile versions.

Configure OVAL Settings

To run OVAL tests, you must enable OVAL, select target devices and operating systems, and establish a run schedule.

OVAL tests require extensive resources and can affect the performance of target devices. Therefore, exercise caution when configuring OVAL settings.

Setting	Description
Labels	Limit deployment to devices that belong to specified labels. To select labels, click Edit, drag labels to the Limit Deployment to window, then click Save. If you select a label that has a Replication Share or an alternate download location, the appliance copies digital assets from that Replication Share or alternate download location instead of downloading them directly from the appliance.   NOTE: The appliance uses a Replication Share before it uses the KACE Alt Location.
Devices	Limit deployment to specific devices. In the drop-down list, select the devices to which you want to deploy the application. To filter the list, type a few characters in the Devices field. The number next to the field indicates the number of devices available. Scoped users can see only those devices that are associated with their role, when the role is assigned a label. For more information about user roles, see Add or edit User Roles.
Operating Systems	Select the operating systems you want to deploy to. a. Click Manage Operating Systems. b. In the Operating Systems dialog box that appears, select the OS versions in the navigation tree, as applicable. You have an option to select OS versions by their family, product, architecture, release ID, or build version. You can choose a specific build version, or a parent node, as needed. Selecting a parent node in the tree automatically selects the associated child nodes. This behavior allows you to select any future OS versions, as devices are added or upgraded in your managed environment. For example, to select all build current and future versions associated with the Windows 10 x64 architecture, under All > Windows > Windows 10, select x64.

View the OVAL vulnerability report

The OVAL Report page shows the OVAL tests that have been run since the last time the OVAL definitions were updated.

OVAL results are deleted from this page when OVAL definitions are updated. To save the results, schedule an OVAL device report to run periodically. See Add report schedules.

Apply labels to affected devices

From the Test detail view, you can view all the devices that failed the OVAL test, and you can assign a label to those devices so that you can patch them later.

View the OVAL Report

The OVAL Device Compliance page shows a list of devices with OVAL test results. Here, you can view a summary of tests that were run on specific devices.

The label under the Device column in the OVAL Computer Report page is the inventory ID assigned by the appliance Inventory component.

For more information about any of the devices in the report, click the linked device name to navigate to the device detail page.

View the OVAL vulnerability report

Understanding OVAL tests and definitions

OVAL definitions contain the information required to perform OVAL tests. This information can include checks for registry entries, file versions, and WMI (Windows Management Instrumentation) data.

OVAL test definitions pass through a series of phases before being released. Depending on where a definition is in this process, it is assigned one of the following status values:

Other possible status values include:

For more information about the stages of OVAL definitions, go to http://cve.mitre.org.

When OVAL tests are enabled, all available OVAL tests run on the target devices.

OVAL test details do not indicate the severity of the vulnerability. Use your own judgment to determine whether to test your network for the presence of a particular vulnerability.

View OVAL tests and definitions

You can view OVAL tests and definitions in the Administrator Console.

The table at the bottom of the OVAL Tests: Definition page displays the list of devices in your network that contain the vulnerability. For convenience, a printer-friendly version of this data is available.

Running OVAL tests

The appliance runs OVAL tests automatically based on the schedule specified in OVAL Settings.

It takes approximately one hour to run OVAL tests. In addition, OVAL Tests consume a large amount of memory and CPU resources, which might affect the performance of target devices. To minimize the disruption to users, run OVAL tests weekly or monthly and during hours when users are least likely to be inconvenienced.

In addition, you can run OVAL tests manually by logging in to the device as Administrator and running debug.bat. This file is usually located in the program data directory. For example: C:\ProgramData\Quest\KACE\kbots_cache\packages\kbots\9

Using labels to restrict OVAL tests

If you are running OVAL tests periodically or if you want to obtain the OVAL test results for only a few devices, you can assign a label to those devices. You can then use the Run Now function to run OVAL tests on those devices only.

For more information about using labels, see About labels.

Understanding OVAL updates

The appliance checks for new OVAL definitions every night, but you should expect new definitions every month. If OVAL tests are enabled, the appliance downloads new OVAL definitions to all managed devices during the next scripting update whenever a new package becomes available, regardless of the OVAL schedule settings.

The OVAL update ZIP file can be more than 30 MB in size — large enough to impact the performance of devices with slow connections. The ZIP file includes both 32- and 64-bit versions of the OVAL Interpreter and uses the correct version for the device. The OVAL Interpreter requires Microsoft .NET Framework and supports both the full (“Extended”) and Client Profile versions.

Configure OVAL Settings

To run OVAL tests, you must enable OVAL, select target devices and operating systems, and establish a run schedule.

OVAL tests require extensive resources and can affect the performance of target devices. Therefore, exercise caution when configuring OVAL settings.

Setting	Description
Labels	Limit deployment to devices that belong to specified labels. To select labels, click Edit, drag labels to the Limit Deployment to window, then click Save. If you select a label that has a Replication Share or an alternate download location, the appliance copies digital assets from that Replication Share or alternate download location instead of downloading them directly from the appliance.   NOTE: The appliance uses a Replication Share before it uses the KACE Alt Location.
Devices	Limit deployment to specific devices. In the drop-down list, select the devices to which you want to deploy the application. To filter the list, type a few characters in the Devices field. The number next to the field indicates the number of devices available. Scoped users can see only those devices that are associated with their role, when the role is assigned a label. For more information about user roles, see Add or edit User Roles.
Operating Systems	Select the operating systems you want to deploy to. a. Click Manage Operating Systems. b. In the Operating Systems dialog box that appears, select the OS versions in the navigation tree, as applicable. You have an option to select OS versions by their family, product, architecture, release ID, or build version. You can choose a specific build version, or a parent node, as needed. Selecting a parent node in the tree automatically selects the associated child nodes. This behavior allows you to select any future OS versions, as devices are added or upgraded in your managed environment. For example, to select all build current and future versions associated with the Windows 10 x64 architecture, under All > Windows > Windows 10, select x64.

View the OVAL vulnerability report

The OVAL Report page shows the OVAL tests that have been run since the last time the OVAL definitions were updated.

OVAL results are deleted from this page when OVAL definitions are updated. To save the results, schedule an OVAL device report to run periodically. See Add report schedules.

Apply labels to affected devices

From the Test detail view, you can view all the devices that failed the OVAL test, and you can assign a label to those devices so that you can patch them later.

View the OVAL Report

The OVAL Device Compliance page shows a list of devices with OVAL test results. Here, you can view a summary of tests that were run on specific devices.

The label under the Device column in the OVAL Computer Report page is the inventory ID assigned by the appliance Inventory component.

For more information about any of the devices in the report, click the linked device name to navigate to the device detail page.

Apply labels to affected devices

Understanding OVAL tests and definitions

OVAL definitions contain the information required to perform OVAL tests. This information can include checks for registry entries, file versions, and WMI (Windows Management Instrumentation) data.

OVAL test definitions pass through a series of phases before being released. Depending on where a definition is in this process, it is assigned one of the following status values:

Other possible status values include:

For more information about the stages of OVAL definitions, go to http://cve.mitre.org.

When OVAL tests are enabled, all available OVAL tests run on the target devices.

OVAL test details do not indicate the severity of the vulnerability. Use your own judgment to determine whether to test your network for the presence of a particular vulnerability.

View OVAL tests and definitions

You can view OVAL tests and definitions in the Administrator Console.

The table at the bottom of the OVAL Tests: Definition page displays the list of devices in your network that contain the vulnerability. For convenience, a printer-friendly version of this data is available.

Running OVAL tests

The appliance runs OVAL tests automatically based on the schedule specified in OVAL Settings.

It takes approximately one hour to run OVAL tests. In addition, OVAL Tests consume a large amount of memory and CPU resources, which might affect the performance of target devices. To minimize the disruption to users, run OVAL tests weekly or monthly and during hours when users are least likely to be inconvenienced.

In addition, you can run OVAL tests manually by logging in to the device as Administrator and running debug.bat. This file is usually located in the program data directory. For example: C:\ProgramData\Quest\KACE\kbots_cache\packages\kbots\9

Using labels to restrict OVAL tests

If you are running OVAL tests periodically or if you want to obtain the OVAL test results for only a few devices, you can assign a label to those devices. You can then use the Run Now function to run OVAL tests on those devices only.

For more information about using labels, see About labels.

Understanding OVAL updates

The appliance checks for new OVAL definitions every night, but you should expect new definitions every month. If OVAL tests are enabled, the appliance downloads new OVAL definitions to all managed devices during the next scripting update whenever a new package becomes available, regardless of the OVAL schedule settings.

The OVAL update ZIP file can be more than 30 MB in size — large enough to impact the performance of devices with slow connections. The ZIP file includes both 32- and 64-bit versions of the OVAL Interpreter and uses the correct version for the device. The OVAL Interpreter requires Microsoft .NET Framework and supports both the full (“Extended”) and Client Profile versions.

Configure OVAL Settings

To run OVAL tests, you must enable OVAL, select target devices and operating systems, and establish a run schedule.

OVAL tests require extensive resources and can affect the performance of target devices. Therefore, exercise caution when configuring OVAL settings.

Setting	Description
Labels	Limit deployment to devices that belong to specified labels. To select labels, click Edit, drag labels to the Limit Deployment to window, then click Save. If you select a label that has a Replication Share or an alternate download location, the appliance copies digital assets from that Replication Share or alternate download location instead of downloading them directly from the appliance.   NOTE: The appliance uses a Replication Share before it uses the KACE Alt Location.
Devices	Limit deployment to specific devices. In the drop-down list, select the devices to which you want to deploy the application. To filter the list, type a few characters in the Devices field. The number next to the field indicates the number of devices available. Scoped users can see only those devices that are associated with their role, when the role is assigned a label. For more information about user roles, see Add or edit User Roles.
Operating Systems	Select the operating systems you want to deploy to. a. Click Manage Operating Systems. b. In the Operating Systems dialog box that appears, select the OS versions in the navigation tree, as applicable. You have an option to select OS versions by their family, product, architecture, release ID, or build version. You can choose a specific build version, or a parent node, as needed. Selecting a parent node in the tree automatically selects the associated child nodes. This behavior allows you to select any future OS versions, as devices are added or upgraded in your managed environment. For example, to select all build current and future versions associated with the Windows 10 x64 architecture, under All > Windows > Windows 10, select x64.

View the OVAL vulnerability report

The OVAL Report page shows the OVAL tests that have been run since the last time the OVAL definitions were updated.

OVAL results are deleted from this page when OVAL definitions are updated. To save the results, schedule an OVAL device report to run periodically. See Add report schedules.

Apply labels to affected devices

From the Test detail view, you can view all the devices that failed the OVAL test, and you can assign a label to those devices so that you can patch them later.

View the OVAL Report

The OVAL Device Compliance page shows a list of devices with OVAL test results. Here, you can view a summary of tests that were run on specific devices.

The label under the Device column in the OVAL Computer Report page is the inventory ID assigned by the appliance Inventory component.

For more information about any of the devices in the report, click the linked device name to navigate to the device detail page.

View the OVAL Report

Understanding OVAL tests and definitions

OVAL definitions contain the information required to perform OVAL tests. This information can include checks for registry entries, file versions, and WMI (Windows Management Instrumentation) data.

OVAL test definitions pass through a series of phases before being released. Depending on where a definition is in this process, it is assigned one of the following status values:

Other possible status values include:

For more information about the stages of OVAL definitions, go to http://cve.mitre.org.

When OVAL tests are enabled, all available OVAL tests run on the target devices.

OVAL test details do not indicate the severity of the vulnerability. Use your own judgment to determine whether to test your network for the presence of a particular vulnerability.

View OVAL tests and definitions

You can view OVAL tests and definitions in the Administrator Console.

The table at the bottom of the OVAL Tests: Definition page displays the list of devices in your network that contain the vulnerability. For convenience, a printer-friendly version of this data is available.

Running OVAL tests

The appliance runs OVAL tests automatically based on the schedule specified in OVAL Settings.

It takes approximately one hour to run OVAL tests. In addition, OVAL Tests consume a large amount of memory and CPU resources, which might affect the performance of target devices. To minimize the disruption to users, run OVAL tests weekly or monthly and during hours when users are least likely to be inconvenienced.

In addition, you can run OVAL tests manually by logging in to the device as Administrator and running debug.bat. This file is usually located in the program data directory. For example: C:\ProgramData\Quest\KACE\kbots_cache\packages\kbots\9

Using labels to restrict OVAL tests

If you are running OVAL tests periodically or if you want to obtain the OVAL test results for only a few devices, you can assign a label to those devices. You can then use the Run Now function to run OVAL tests on those devices only.

For more information about using labels, see About labels.

Understanding OVAL updates

The appliance checks for new OVAL definitions every night, but you should expect new definitions every month. If OVAL tests are enabled, the appliance downloads new OVAL definitions to all managed devices during the next scripting update whenever a new package becomes available, regardless of the OVAL schedule settings.

The OVAL update ZIP file can be more than 30 MB in size — large enough to impact the performance of devices with slow connections. The ZIP file includes both 32- and 64-bit versions of the OVAL Interpreter and uses the correct version for the device. The OVAL Interpreter requires Microsoft .NET Framework and supports both the full (“Extended”) and Client Profile versions.

Configure OVAL Settings

To run OVAL tests, you must enable OVAL, select target devices and operating systems, and establish a run schedule.

OVAL tests require extensive resources and can affect the performance of target devices. Therefore, exercise caution when configuring OVAL settings.

Setting	Description
Labels	Limit deployment to devices that belong to specified labels. To select labels, click Edit, drag labels to the Limit Deployment to window, then click Save. If you select a label that has a Replication Share or an alternate download location, the appliance copies digital assets from that Replication Share or alternate download location instead of downloading them directly from the appliance.   NOTE: The appliance uses a Replication Share before it uses the KACE Alt Location.
Devices	Limit deployment to specific devices. In the drop-down list, select the devices to which you want to deploy the application. To filter the list, type a few characters in the Devices field. The number next to the field indicates the number of devices available. Scoped users can see only those devices that are associated with their role, when the role is assigned a label. For more information about user roles, see Add or edit User Roles.
Operating Systems	Select the operating systems you want to deploy to. a. Click Manage Operating Systems. b. In the Operating Systems dialog box that appears, select the OS versions in the navigation tree, as applicable. You have an option to select OS versions by their family, product, architecture, release ID, or build version. You can choose a specific build version, or a parent node, as needed. Selecting a parent node in the tree automatically selects the associated child nodes. This behavior allows you to select any future OS versions, as devices are added or upgraded in your managed environment. For example, to select all build current and future versions associated with the Windows 10 x64 architecture, under All > Windows > Windows 10, select x64.

View the OVAL vulnerability report

The OVAL Report page shows the OVAL tests that have been run since the last time the OVAL definitions were updated.

OVAL results are deleted from this page when OVAL definitions are updated. To save the results, schedule an OVAL device report to run periodically. See Add report schedules.

Apply labels to affected devices

From the Test detail view, you can view all the devices that failed the OVAL test, and you can assign a label to those devices so that you can patch them later.

View the OVAL Report

The OVAL Device Compliance page shows a list of devices with OVAL test results. Here, you can view a summary of tests that were run on specific devices.

The label under the Device column in the OVAL Computer Report page is the inventory ID assigned by the appliance Inventory component.

For more information about any of the devices in the report, click the linked device name to navigate to the device detail page.