Ensuring that Windows Server Updates Are Installed

Windows Server Update Services (WSUS) allows administrators to deploy the latest Microsoft product updates.The WSUS compliance check ensures that Windows update are installed on the Endpoint Security client computer. You can restrict network access of the client computer if Windows updates have not been installed within a specified number of days. Alternatively, you can warn the user by means of a pop-up message without restricting access, or log the non-compliance event without restricting or informing the user

To configure the WSUS compliance check:

  1. In the Policy tab Compliance ruleClosed Set of traffic parameters and other conditions in a Rule Base (Security Policy) that cause specified actions to be taken for a communication session., right-click the Windows Server Update Services action

  2. Select one of the following preset actions. An action happens if Windows updates have not been installed on the Endpoint Security client computer for a specified number of days (90 days by default):

    Preset Action

    Meaning

    Restrict if Windows Server Updates are not installed

    Restrict the network access of the user.

    Observe Windows Server Update Services

    Create a log, and show a warning message to the user.

    Monitor Windows Server Update Services

    Create a log. The user is not notified.

    Do not check Windows Server Update Services

    No compliance check. This is the default.

  3. Optional:  The compliance check makes sure that the Windows updates have been installed within a specified number of days (90 by default). To change the number of days,

    1. Right-click the Windows Server Update Services action.

    2. Select Edit Shared Action.

    3. Change the number of days in Windows updates must be installed within.