Patch Management Release 3.7 

June 10, 2025

Ability to Save Vulnerabilities in a View     

You can now create a view and save the required vulnerabilities from the Eliminations tab to the view. You can select the priority of the view and assign users who can access the View. The created views appear on the new Views tab. You can also search the views using the QQL token search query. The view allows you to categorize the vulnerabilities based on the severities: Critical, High, Medium, and Low. This simplifies the task to create the required Mitigation, Isolation, Remediation, or Rollback jobs for those vulnerabilities.


           - You can save up to 200 vulnerabilities in a View. 
           - You can create a maximum of 1000 views per subscription. 



We have introduced the following new default Eliminate View permissions under the Vulnerability Management (VM) application:  

  • Create Eliminate View: Allows user to create a view.
  • Edit Eliminate View: Allows user to modify a view.
  • Read Eliminate View: Allows user to only read the details of a view.
  • Delete Eliminate Vi ew: Allows user to delete a view. 

Support Rollback for Partial Mitigation 

We now support rollback action for QIDs that are partially mitigated. You can search for the partially mitigated vulnerabilities using the token vulnerabilities. mitigated.state:Partial and create rollback mitigation job. This feature allows you to identify the partially mitigated QIDs and rollback them. 

New Permissions to Restrict the Pre and Post Actions in a Job  

We have introduced a new permission, Allow PM Pre/Post Action Access, assigned to a new role, Patch Action Manager, that is required to add or modify pre and post actions to all deployment jobs. Earlier, all users could add these actions to the deployment job. Now, we have restricted this access to specific users having the Patch Action Manager role for better security. To access these permissions, contact your administrator. 

 The existing users with Patch User and Patch Manager role will be automatically be assigned the Patch Action Manager role. 

Download Vulnerabilities Report from Eliminations Tab   

You can now download the vulnerabilities report required for the patch installations from the Eliminations tab through the Microsoft Endpoint Configuration Management ( MECM) plugin. Earlier, you could download this report only through the VMDR    >   Prioritization tab. Navigate to the Eliminations tab, select the vulnerabilities and from Actions menu, select the Patch with MECM option or click the Download icon.

Ability to Add All Tags in the Subscription  

You can now interact with all the tags that exist in your subscription. This feature allows you to add all tags in your subscription to the Dashboard, configuration profiles, licences, and patch jobs. Earlier, you could add only those  tags that were in your scope.

 Although you can add tags that are out of your user scope, only assets from those tags, that are in your scope are resolved.

To add all tags, the Super User must give you the View All Tags permissions. Contact your admin to get access to these permissions. 

View Details of Special Error Code 15 for the Failed Job 

You can now view the detailed information for the special error code (recognized by error code 15) that occurs when the patch installation job fails, although the reboot was completed. The failure details describe the reason, in addition to the error code and error message from the event viewer logs for each event. Please note that these are the probable event viewer errors.

These details save time navigating to the event viewer logs and help to recognize the reason for failure, providing details to troubleshoot the issue further. Navigate to the Job Progress page, from the Quick Actions menu, select View Details for the job status to view the details of the failed job.

 This feature will be available only with Cloud Agent version 6.2 and later. 

New Permissions to Restrict Global-Level Asset Exceptions 

We have introduced new permissions that restricts the configuration of asset isolation exceptions at the global level. With these permissions, users cannot add exceptions through the Configuration > Asset Isolation Exceptions tab at global level, but can add exceptions only at the Isolation job level.
These new permissions add restrictions to the users to make changes at global level, adding additional security at the isolation level.

You must select the check-boxes for the following new permissions to restrict  access at global level: 

  • Read Config for Quarantine Job 
  • Create, Edit, Config for Quarantine Job
  • Delete Config for Quarantine Job

New QQL Tokens

Refer to the following table to learn more about the new and updated tokens in this release.

Tab Token (New) Usage

 

 

Eliminations > Views

viewName  To find the view with the specified view name.
viewId To find views based on the specified Id.
viewType To find the GroupBy type of the view. The supported values are Vulnerability and Prioritization.
assignedTo.userName To find the users the view is assigned to using the specified username.
priority To find the views based on the specified priority. The supported values are Low, Medium, High, and Critical

API Release Updates

To know in detail about the APIs, see Patch Management API Release 3.7.