Patch Management Release 3.7
June 24, 2025
Ability to Save Vulnerabilities in a View 
You can now create a view and save the required vulnerabilities from the Eliminations tab to the view. You can select the priority of the view and assign users who can access the View. The created views appear on the new Views tab. You can also search the views using the QQL token search query. The view allows you to categorize the vulnerabilities based on the severities: Critical, High, Medium, and Low. This simplifies the task to create the required Mitigation, Isolation, Remediation, or Rollback jobs for those vulnerabilities.
- You can save up to 200 vulnerabilities in a View.
- You can create a maximum of 1000 views per subscription.
We have introduced the following new default Eliminate View permissions under the Vulnerability Management (VM) application:
- Create Eliminate View: Allows user to create a view.
- Edit Eliminate View: Allows user to modify a view.
- Read Eliminate View: Allows user to only read the details of a view.
- Delete Eliminate View: Allows user to delete a view.
Support Rollback for Partial Mitigation
We now support rollback action for QIDs that are partially mitigated. You can search for the partially mitigated vulnerabilities using the token vulnerabilities. mitigated.state:Partial and create rollback mitigation job. This feature allows you to identify the partially mitigated QIDs and rollback them.
New Permissions to Restrict the Pre and Post Actions in a Job
We have introduced a new permission, Allow PM Pre/Post Action Access, assigned to a new role, Patch Action Manager, that is required to add or modify pre and post actions to all deployment jobs. Earlier, all users could add these actions to the deployment job. Now, we have restricted this access to specific users having the Patch Action Manager role for better security. To access these permissions, contact your administrator.
The existing users with Patch User and Patch Manager role will be automatically be assigned the Patch Action Manager role.
Download Vulnerabilities Report from Eliminations Tab
You can now download the vulnerabilities report required for the patch installations from the Eliminations tab through the Microsoft Endpoint Configuration Management (MECM) plugin. Earlier, you could download this report only through the VMDR > Prioritization tab. Navigate to the Eliminations tab, select the vulnerabilities and from Actions menu, select the Patch with MECM option or click the Download icon.
Ability to Add All Tags in the Subscription
You can now interact with all the tags that exist in your subscription. This feature allows you to add all tags in your subscription to the Dashboard, configuration profiles, licences, and patch jobs. Earlier, you could add only those tags that were in your scope.
Although you can add tags that are out of your user scope, only assets from those tags, that are in your scope are resolved.
To add all tags, the Super User must give you the View All Tags permissions. Contact your admin to get access to these permissions.
View Details of Special Error Code 15 for the Failed Job
You can now view the detailed information for the special error code (recognized by error code 15) that occurs when the patch installation job fails, although the reboot was completed. The failure details describe the reason, in addition to the error code and error message from the event viewer logs for each event. Please note that these are the probable event viewer errors.
These details save time navigating to the event viewer logs and help to recognize the reason for failure, providing details to troubleshoot the issue further. Navigate to the Job Progress page, from the Quick Actions menu, select View Details for the job status to view the details of the failed job.
This feature will be available only with Cloud Agent version 6.2 and later.
New Permissions to Restrict Global-Level Asset Exceptions
We have introduced new permissions that restricts the configuration of asset isolation exceptions at the global level. With these permissions, users cannot add exceptions through the Configuration > Asset Isolation Exceptions tab at global level, but can add exceptions only at the Isolation job level.
These new permissions add restrictions to the users to make changes at global level, adding additional security at the isolation level.
You must select the check-boxes for the following new permissions to restrict access at global level:
- Read Config for Quarantine Job
- Create, Edit, Config for Quarantine Job
- Delete Config for Quarantine Job
New QQL Tokens
Refer to the following table to learn more about the new and updated tokens in this release.
| Tab | Token (New) | Usage |
|---|---|---|
|
Eliminations > Views |
viewName | To find the view with the specified view name. |
| viewId | To find views based on the specified Id. | |
| viewType | To find the GroupBy type of the view. The supported values are Vulnerability and Prioritization. | |
| assignedTo.userName | To find the users the view is assigned to using the specified username. | |
| priority | To find the views based on the specified priority. The supported values are Low, Medium, High, and Critical. |
Issues Addressed
The following reported and notable customer issues are fixed in this release.
| Component/Category | Description |
|
PM - Job Windows |
We fixed an issue where the script with a digital signature configured as a pre-action in a deployment job failed. The issue occurred as the blank line at the end of the script got deleted. |
|
PM - Linux_Content |
We fixed an issue where the Assets > Linux tab displayed no missing patches for the Amazon Linux 2023 assets, even though the assets had missing patches. Now, the Assets > Linux tab displays the correct number of missing patches for the Amazon Linux 2023 assets. |
API Release Updates
For more details on the API updates for this release, see Patch Management API Release 3.7.