Xcitium Enterprise

• Introduction To Xcitium Enterprise - Endpoint Protection Platform
  • Key Concepts
  • Best Practices
  • Login Into The Admin Console
  • Upgrade To Full Version
• The Admin Console
• The Dashboards
• CNAPP Dashboard
• ROI Dashboard
• Devices And Device Groups
  • Manage Device Groups
    • Create Device Groups
    • Edit A Device Group
    • Assign Configuration Profiles To A Device Group
    • Remove A Device Group
    • Run Procedures On Device Groups
  • Manage Devices
    • Add New Devices
    • Manage Windows Devices
      • View And Edit Device Name
      • View Summary Information
      • View Network Information
      • View And Manage Profiles Associated With A Device
      • View Maintenance Windows Associated With A Device
      • View And Manage Applications Installed On A Device
      • View The Files On A Device
      • View Exported Configurations And Import Profiles
      • View MSI Files Installed On A Device Through Xcitium
      • View And Manage Patches For Windows And 3rd Party Applications
      • View Antivirus Scan History
      • View And Manage Device Group Memberships
      • View Device Logs
    • Manage Mac OS Devices
      • View And Edit Mac OS Device Name
      • Summary Information Of Mac Device
      • View Installed Applications
      • View Quarantined Files On Mac OS Device
      • View And Manage Profiles Associated With A Device
      • View Packages Installed On A Device Through Xcitium
      • View And Manage Device Group Memberships
      • View Mac Device Logs
    • Manage Linux Devices
      • View And Edit Linux Device Name
      • Summary Information Of Linux Device
      • View Network Information Of A Linux Device
      • View And Manage Profiles Associated With A Linux Device
      • View Linux Packages Installed On A Device Through Dragon
      • View And Manage Device Group Memberships
    • Manage Android Devices
      • View And Edit Device Name
      • View Summary Information
      • Manage Installed Applications
      • View And Manage Profiles Associated With A Device
      • View Sneak Peek Pictures To Locate Lost Devices
      • View The Location Of The Device
      • View And Manage Device Group Memberships
    • Manage IOS Devices
      • View And Edit Device Name Of An IOS Device
      • View Summary Information Of An IOS Device
      • View Applications Installed On An IOS Device
      • View And Manage Profiles Associated With An IOS Device
      • View The Location Of An IOS Device
      • View And Manage Group Memberships Of An IOS Device
    • View User Information
    • Remote Management Of Windows And Mac OS Devices
      • Transfer Items To / From The Remote Computer
    • Remotely Manage Folders And Files On Windows Devices
    • Manage Processes On Remote Windows Devices
    • Manage Services On Remote Windows Devices
    • Use The Command Prompt On Remote Windows Devices
    • View Event Logs On Remote Windows Devices
    • Apply Procedures To Windows And Mac Devices
    • Remotely Install And Manage Packages On Windows Devices
    • Remotely Install Packages On Mac OS Devices
    • Remotely Install Packages On Linux Devices
    • Send Enrollment Link To IOS Devices
    • Generate An Alarm On Android Devices
    • Remotely Lock Mobile And Mac OS Devices
    • Wipe Selected Mobile And Mac Devices
    • Assign Configuration Profiles To Selected Devices
    • Set / Reset Screen Lock Password For Mobile Devices
    • Update Device Information
    • Send Text Messages To Mobile Devices
    • Restart Selected Windows Devices
    • Change A Device's Owner
    • Change The Ownership Status Of A Device
    • Add Custom Notes And Tags On Devices
    • Remove A Device
    • Generate Device List Report
    • Manage Isolate And Release From Isolation
  • Bulk Enrollment Of Devices
    • Enroll Windows, Mac OS And Linux Devices By Installing The Communication Client
      • Enroll Windows Devices Via AD Group Policy
      • Enroll Windows, Mac OS And Linux Devices By Offline Installation Of Agent
      • Enroll Windows Devices Using Auto Discovery And Deployment Tool
    • Enroll Android And IOS Devices Of AD Users
  • Download And Install The Remote Control Tool
• Cloud Workloads
• Cloud Assets
• Cloud Security
  • View Vulnerabilities Findings
  • Registry Scan
  • CSPM Executive Dashboard
  • Compliance Summary
  • CWPP Dashboard
  • App Behavior
  • Manage Policies
  • Remediation
  • View Alerts
  • Manage Triggers
  • View Reports
• Users And User Groups
  • Manage Users
    • Create New User Accounts
      • Manually Add Users
      • Import Users From A CSV File
    • Enroll User Devices For Management
      • Enroll Android Devices
      • Enroll IOS Devices
      • Enroll Windows Endpoints
      • Enroll Mac OS Endpoints
      • Enroll Linux OS Endpoints
    • View User Details
      • Update The Details Of A User
    • Assign Configuration Profiles To User Devices
    • Remove A User
    • Generate New Password For A User
    • Reset Two Factor Authentication Token For A User
    • Run Procedures On User Devices
  • Manage User Groups
    • Create A New User Group
    • Edit A User Group
    • Assign Configuration Profiles To A User Group
    • Remove A User Group
    • Run Procedures On User Group Devices
  • Configure Role Based Access Control For Users
    • Create A New Role
    • Manage Permissions And Users Assigned To A Role
    • Remove A Role
    • Manage Roles Assigned To A User
• Configuration Templates
  • Create Configuration Profiles
    • Profiles For Android Devices
    • Profiles For IOS Devices
    • Profiles For Windows Devices
      • Create Windows Profiles
        • Associated Devices Settings
        • Antivirus Settings
        • Communication Client And Xcitium Client - Security Application Update Settings
        • File Rating Settings
        • Firewall Settings
        • HIPS Settings
        • Containment Settings
        • Maintenance Window Settings
        • VirusScope Settings
        • Xcitium Verdict Cloud
        • Global Proxy Settings
        • Client Proxy Settings
        • Agent Discovery Settings
        • Communication Client And Xcitium Client - Security Application UI Settings
        • Logging Settings
        • Client Access Control
        • External Devices Control Settings
        • Monitors
        • Procedure Settings
        • Remote Control Settings
        • Remote Tools Settings
        • Miscellaneous Settings
        • Script Analysis Settings
        • Data Loss Prevention Settings
        • Patch Management Settings
        • Performance Settings
        • Thumbnails Settings
        • Chat Settings
        • Applications Settings
      • Import Windows Profiles
    • Profiles For Mac OS Devices
      • Create A Mac OS Profile
        • Antivirus Settings For Mac OS Profile
        • Certificate Settings For Mac OS Profile
        • Restrictions Settings For Mac OS Profile
        • VPN Settings For Mac OS Profile
        • Wi-Fi Settings For Mac OS Profile
        • Remote Control Settings For Mac OS Profile
        • External Device Control Settings For Mac OS Profile
        • Valkyrie Settings For MacOS Profile
        • Procedure Settings For Mac Profiles
        • Monitor Settings For Mac OS Profile
    • Profiles For Linux Devices
      • Create A Linux Profile
        • Antivirus Settings For Linux Profile
        • Communication Client And XcitiumClient - Security Application Update Settings For Linux Profile
        • User Interface Settings For Linux Profile
        • Logging Settings For Linux Profile
        • Clients Access Control Settings For Linux Profile
        • Valkyrie Settings For Linux Profile
  • View And Manage Profiles
    • Export And Import Configuration Profiles
    • Clone A Profile
  • Edit Configuration Profiles
  • Manage Default Profiles
  • Manage Alerts
    • Create A New Alert
    • Edit / Delete An Alert
  • Manage Procedures
    • View And Manage Procedures
    • Create A Custom Procedure
    • Combine Procedures To Build Broader Procedures
    • Review / Approve / Decline New Procedures
    • Add A Procedure To A Profile / Procedure Schedules
    • Import / Export / Clone Procedures
    • Change Alert Settings
    • Apply Procedures To Devices
    • Edit / Delete Procedures
    • View Procedure Results
  • Manage Monitors
    • Create Monitors And Add Them To Profiles
      • Monitors For Windows Devices
      • Monitors For Mac OS Devices
    • View And Edit Monitors
  • Data Loss Prevention Rules
    • Create DLP Discovery Rules And Add Them To Profiles
    • View And Edit DLP Discovery Rules
    • Create DLP Monitoring Rules And Add Them To Profiles
    • View And Edit DLP Monitoring Rules
• Security Systems
  • View Alerts And Security Events
    • View Alerts And Security Events By Time
    • View Alerts And Security Events By Files
    • View Alerts And Security Events By Device
    • Alert Policy
    • Suppression Rule
  • Investigate Events
    • Search Events By Query
    • Search Events By File
    • Search Events By Device
    • View Android Threat History
    • Process Timeline
  • Endpoint Security Status
    • Run Antivirus And/or File Rating Scans On Devices
    • Handle Malware On Scanned Devices
    • Update Virus Signature Database On Windows, Mac OS And Linux Devices
  • View And Manage Blocked Threats
  • View And Manage Quarantined Items
  • View Contained Threats
  • View And Manage Autorun Items
  • Manage File Trust Ratings On Windows Devices
    • File Ratings Explained
  • View List Of File Verdicts
  • View History Of External Device Connection Attempts
  • Data Loss Prevention Scans
    • DLP Logs
    • DLP Quarantined Files
• Network Management
  • Create And Run Network Discovery Tasks
  • Manage Profiles For Network SNMP Devices
  • Manage Network Devices
    • Manage SNMP Devices
      • SNMP Device Details Interface
    • Discovered Devices
  • Manage Network Monitors
• Software Inventory
  • View Applications Installed On Android And IOS Devices
    • Blacklist And Whitelist Applications
  • Patch Management
    • Manage OS Patches On Windows Endpoints
    • Install 3rd Party Application Patches On Windows Endpoints
      • Xcitium Supported 3rd Party Applications
  • View And Manage Applications Installed On Windows Devices
    • Uninstall A Windows Application From Selected Devices
    • Uninstall A Windows Application From All Devices
  • Vulnerability Management
• Management Settings
  • Account Management
  • License Management
    • Manage Your Licenses
    • License Allocations
    • Bill Forecast
• Configure Xcitium Enterprise
  • Email Notifications, Templates And Custom Variables
    • Configure Email Templates
    • Configure Email Notifications
    • Create And Manage Custom Variables
    • Create And Manage Registry Groups
    • Create And Manage COM Groups
    • Create And Manage File Groups
    • Create And Manage Tags
  • Xcitium Enterprise Portal Configuration
    • Import User Groups From LDAP
    • Configure Portal Settings
    • Configure Communication And Security Client Settings
      • Configure The Xcitium Android Client
        • Configure Android Client General Settings
        • Configure Android Client Antivirus Settings
        • Add Google Cloud Messaging (GCM) Token
      • Add Apple Push Notification Certificate
      • Configure Windows Clients
        • Configure Communication Client Settings
        • Configure Client Security Settings
    • Manage Xcitium Enterprise Extensions
    • Configure Xcitium Enterprise Reports
    • Device Removal Settings
    • Account Security Settings
    • Set-up Administrator's Time Zone And Language
    • Configure Audit Log Settings
  • Dashboard Settings
  • Cloud Security Settings
    • Manage Cloud Accounts
      • Amazon Web Server (AWS) Account Onboarding
      • Google Cloud Platform (GCP) Account Onboarding
      • Microsoft Azure Account Onboarding
    • Manage Cluster
    • Configure Integrations
      • CWPP
      • CSPM
      • Registry
      • S3 Data Source
    • Create And Manage Labels
    • Create And Manage Tags
    • Create And Manage Groups
    • Configure Ticket Template
  • Data Protection Templates
    • View And Manage Pattern Variables
    • View And Manage Keyword Groups
  • View Version And Support Information
  • Alert Notification Settings
• Appendix 1a - Xcitium Services - IP Nos, Host Names And Port Details - EU Customers
• Appendix 1b - Xcitium Services - IP Nos, Host Names And Port Details - US Customers
• Appendix 2 - Pre-configured Profiles
• Appendix 3 - Default Xcitium Security Policy Details
• About Xcitium

Manage OS Patches on Windows Endpoints

Click 'Software Inventory' > 'Applications' > 'Patch Management' > 'Operating System' tab

• The operating system tab lets you deploy and manage OS updates on Windows devices.
  

• Xcitium checks Microsoft update servers for available Windows patches and lists them in the interface. You can deploy patches to devices as required. You can also uninstall patches from devices if required.
  

• Patches need to be approved for deployment. You can choose to decline / approve patches. By default, patches are automatically approved.
  

• The interface shows details about each patch, including patch classification, the Windows component to which it applies, release date, severity, previous versions, Microsoft bulletins and number of endpoints which require the patch.
  

• You can filter patches by device groups.
  

• You can hide patches if you do not want to deploy them. Hidden patches will not be available for deployment in the 'Device Management' screen and will not be executed if added to a patch procedure.
  

• You can also create procedures to deploy operating system and 3rd party application patches. The procedures can be added to profiles to automatically install any new patches.
  

• You can also generate reports on the current patch status of your Windows devices.

Manage operating system patches

• Click 'Software Inventory' > 'Applications' > 'Patch Management'
  

• Select the 'Operating System' tab 

• Select a group to view updates for its devices

Or

• Select 'Show all' to view every available Windows updates

 

Column Heading	Description
Title	The descriptive name of the patch. Click the name to view patch details. See View Patch Details for more information on this interface.
KB	The knowledgebase article number that describes the patch. Click the number to view the Microsoft Knowledgebase article on the patch.
Bulletin	The Microsoft Bulletin number that contains details about the patch release. Click the number to view the patch bulletin.
Classification	The category of the patch. The possible values are: Update - Fixes a specific non-critical problem, but not a security-related bug. Definition update - Contains updates to a product's definition database. For example, an update to the virus signature database for Windows Defender. Critical Update - Fixes a specific, critical OS problem or a critical security-related bug. Security update - Fixes a version specific, security related vulnerability. Update rollup - Contains a collection of hotfixes, security updates, critical updates, and updates packaged together for easy deployment. These updates generally target a specific Windows component. Driver - Adds software for controlling peripherals or add-on devices that could be connected to the endpoint. Feature pack - Adds new functionality distributed after an OS release. Service pack - Contains a collection of hotfixes, security updates, critical updates, updates, and additional fixes. Tool - Installs a utility or feature for a specific task or a set of tasks. Upgrades - Updates the Windows OS version on the endpoint to the latest build.
Product	The Windows component to which the patch applies.
Severity	The criticality of the patch. The possible levels are: Critical Important Low Moderate Unspecified
Status	Indicates whether the patch is ready for deployment. The statuses are: Auto-Approved -You can install the patch Approved -You can install the patch Declined - You cannot deploy the patch Waiting for approval - You cannot install the patch
Reboot	Whether or not the endpoint requires a restart to complete the patch installation.
Not Installed	The number of managed endpoints on which the patch is yet to be installed. Click the number to view the patch details screen at the 'Device List' tab. See the explanation of View Details of a Patch for more details on the 'Patch Details' screen. The 'Device List' tab shows devices to which the patch is relevant. You can deploy the patch to those devices which need it. See Install a patch on selected endpoints for more details.
Installed	The number of managed endpoints on which the patch has already been installed. Click the number to view the patch details screen at the 'Device List' tab. See View Details of a Patch for more details on the 'Patch Details' screen. The 'Device List' tab shows devices along with the installation status of the selected patch. You can select devices on which the patch is required and start the installation process. See the explanation of Install a patch on selected endpoints for more details.
Release Date	The date on which the patch was released by Microsoft.
Controls
Install Patch(es)	Deploy selected patches to all devices on which they are yet to be installed. See Install selected patches on all managed endpoints at once for more details.
Uninstall Patch(es)	Remove selected patches from all devices on which they are installed. See Uninstall selected patches from all managed endpoints at once for more details.
Hide Patch(es)	Conceal selected patches that you do not want to be deployed onto enrolled endpoints. Hidden patches will not be visible in the 'Device Management' screen and will not be executed as well if added to a patch procedure.
Unhide Patch(es)	Reveal all hidden patches.
Export	Generate current patch statuses for the devices. See Generate Patch Statuses Report.
Create Patch Procedure	Add a new procedure capable of auto-installing patches on your endpoints. The procedure can be added to a profile and scheduled to install specific updates at specific times. See Create a New Patch Procedure for more.
Schedule Patch Procedure	Takes you to the 'Profiles' interface in Xcitium. You can add a procedure to a profile which will install your selected updates onto your endpoints. See Procedure Settings in Profiles for Windows Devices for guidance on this.
Show hidden patch(es)	Reveal all hidden patches so they can be potentially deployed.
Approve	Only permitted patches are installed. See Approve / decline a Windows OS patch for more details.
Decline	Unapproved patches are not installed. See Approve / decline a Windows OS patch for more details.
Auto Approve	You can set the patches to be automatically approved. Enabled - Newly listed patches are automatically approved.   Disabled - The status for newly listed patches shows as 'waiting for approval'. Disable this if you want to evaluate the patch and then approve / decline.

• Click any column header to sort the items in ascending/descending order of the entries in that column.

The 'Operating System Patch Management' interface allows you to:

• View Details of a Patch
  

• Hide Patches
  

• Restore Hidden Patches
  

• Install selected patches on all managed endpoints at once
  

• Install a patch on selected endpoints
  

• Uninstall selected patches from all managed endpoints at once
  

• Create a New Patch Procedure
  

• Approve / decline a Windows OS patch
  

• Search specific patches in the Patch Management interface
  

• Generate Patch Statuses Report

View Details of a Patch

• Click 'Software Inventory' > 'Applications' > 'Patch Management'
  

• Select the 'Operating System' tab 

• Select a group to view the list of patches and Windows updates available for its devices

Or

• Select 'Show all' to view a list of all available patches and Windows updates

• Click the name of a patch to open its patch details screen.

The details of the patch are displayed under six tabs:

• General - Shows the name and general description, version number, severity as set by the vendor, release date and a link to the knowledgebase (KB) article for the patch release
  

• Vendor - Indicates the publisher of the patch, with a link to the support page for the patch from the vendor
  

• Supercedes - Contains information on previous patches that are replaced by this patch
  

• Bulletin - Contains the Bulletin ID and a short summary of the bulletin published by the vendor for the patch
  

• CVE IDs - Displays the Common Vulnerabilities and Exposure (CVE) Identity numbers set for the patch by the vendor
  

• Device List - The list of managed Windows endpoints with the installation status of the patch on them. You can install the patch on selected the endpoints from the list. See Install a patch on selected endpoints for more details.

Hide Patches

• You can hide those patches that you do not want to be rolled out to the endpoints, from the list.
  

• These patches will also be not available for deployment from the 'Device Management' screen and will not be executed as well if added to a patch procedure.
  

• You can view the hidden patches by using the 'Show hidden patch(es) toggle button and install these patches onto endpoints.

Hide unwanted patch(es)

• Click 'Software Inventory' > 'Applications' > 'Patch Management'
  

• Select the 'Operating System' tab 

• Select a group to view the list of patches and Windows updates available for its devices

Or

• Select 'Show all' to view a list of all available patches and Windows updates

• Select the patch(es) you want to hide and click 'Hide Patch(es)'

To view the hidden patches again, you have to unhide them.

Restore Hidden Patches

• Restored patches will also be available for installation in  'Device Management' the interface and can be added to a patch procedure.

View hidden patches and restore them

• Click 'Software Inventory' > 'Applications' > 'Patch Management'
  

• Select the 'Operating System' tab 

• Select a group to view the list of patches and Windows updates available for its devices

Or

• Select 'Show all' to view a list of all available patches and Windows updates

• Click the funnel icon on the right, select 'Show hidden patch(es)' and click 'Apply'

The hidden patches are shown with dark gray background stripe.

• Select the hidden patch(es) from the list and click 'Unhide Patch(es)'

A confirmation message is displayed. The patches are re-added to the list.

Install patch(es) on all managed endpoints at-once

• Click 'Applications' > 'Patch Management'
  

• Select the 'Operating System' tab

• Select a group to view the list of patches and Windows updates available for its devices

Or

• Select 'Show all' to view a list of all available patches and Windows updates

• Select the patch(es) to be installed and click 'Install Patch(es)'

• Click 'OK' in the confirmation dialog

The command will be sent and the selected patch(es) will be installed on all endpoint(s) in which the patch is not already installed.

Install a patch on selected endpoints

• Click 'Software Inventory' > 'Applications' > 'Patch Management'
  

• Select the 'Operating System' tab 

• Select a group to view the list of patches and Windows updates available for its devices

Or

• Select 'Show all' to view a list of all available patches and Windows updates

• Click the number in the 'Not Installed' column of the patch you want to install.

The 'Patch Details' screen will open at the 'Device List' tab. The screen shows all managed devices to which the patch is relevant. The 'Installed' column tells whether the patch is installed on the device.

• Select the device(s) on which the patch is to be installed and click 'Install Patch'
  

• A confirmation appears:

The command will be sent to the selected device(s) and a schedule will be created for installation of the selected patch(es) on the devices.

Uninstall selected patches from all managed endpoints at-once

You can remove unwanted patches and Windows updates from the managed devices. This is useful if you want the managed endpoints to be rolled back to the previous build version of Windows component or the OS itself.

• Click 'Software Inventory' > 'Applications' > 'Patch Management'
  

• Select the 'Operating System' tab 

• Select a group to view the list of patches and Windows updates available for its devices

Or

• Select 'Show all' to view a list of all available patches and Windows updates

• Select the patch(es) to be removed from the devices and click 'Uninstall Patch(es)'

• Click 'OK ' in the confirmation dialog
  

• The command will be sent to the selected device(s) and a schedule will be created for uninstallation of the selected patch(es) on the devices.

Create a New Patch Procedure

• The 'Patch Management' > 'Operating System' interface lets you create a procedure to deploy OS patches.
  

• The procedures can be added to profiles and scheduled to run periodically.

Create a new patch procedure

• Click 'Software Inventory' > 'Applications' > 'Patch Management'
  

• Select the 'Operating System' tab
  

• Click 'Create Windows Patch Procedure' at the top

The 'Create Windows Patch Procedure' wizard starts.

• Create a name and specify the storage folder for the procedure. Select the categories of OS patches you want to install and configure endpoint restart options.
  

• See create an OS patch procedure for more help with the wizard.

Approve / decline a Windows OS patch

You can deploy only approved and auto-approved patches on endpoints. You can disapprove a patch so it cannot be deployed, for example, you want to evaluate whether the patch is required or not.

• Click 'Software Inventory' > 'Applications' > 'Patch Management'
  

• Select the 'Operating System' tab
  

• Select a patch and click 'Approved' or 'Decline' button at the top

• Auto Approve - Enable this button so when a new patch is listed here, it is automatically approved. If disabled, the patch shows its status as 'Waiting for approval'.

Search specific patches in the Patch Management interface

• Click the funnel icon on the right to filter patches by various criteria, including by name, by KB number, by bulletin number, by classification, by severity, and by whether a restart is required for the patches.
  

• Start typing the name of a patch in the search field to find a particular patch. Select the patch from the search suggestions and click 'Apply'.
  

• To display all items again, clear any filters and search criteria and click 'Apply'.
  

• Xcitium returns 20 results per page when you perform a search. To increase the number of results displayed per page up to 200, click the arrow next to 'Results per page' drop-down.

Generate Patch Statuses Report

• Click 'Software Inventory' > 'Applications' > 'Patch Management'
  

• Select the 'Operating System' tab
  

• Click 'Export' at the top.

• The CSV file will be available in 'Dashboards' > 'Reports'
  

• See 'Reports' in The Dashboards for how to view and download reports.