Review the requirements before you install and use Patch.
In addition to a license for Patch, make sure that your environment also meets the following requirements.
|Component|Requirement|
|---|---|
|Platform|7.0.314.6085 or later. Enhanced functionality is available with version 7.0.314.6319 and later. Installing Tanium™ Interact is also suggested. For role-based access control (RBAC), you must have Tanium Platform 7.1.314.3037 or later. To support smart card authentication, including common access cards (CAC), see Tanium Core Platform Installation Guide: Smart card authentication. Patch 2.2 supports Red Hat and CentOS Linux endpoints as a Limited Availability feature with Tanium Platform 7.2.314.3235 and later. For more information,|
|Tanium Client|Patch is supported on Windows endpoints. Use Tanium Client 1540 and later. Patch 2.2 supports Red Hat and CentOS Linux endpoints as a Limited Availability feature with Tanium Client 6.0.314.1554 and later. For more information,|
|Tanium End-User Notifications|1.2.0.004 or later (optional for Windows endpoints). Not supported for Linux endpoints.|
Patch is installed and runs as a service on the Module Server host computer. The impact on the Module Server is minimal and depends on usage. You might need to tune the Tanium Server download bytes and download limit settings (DownloadBytesPerSecondLimit) for your environment. Contact your Technical Account Manager (TAM) for details.
Patch downloads and distributes updates regularly. The Tanium Server stores these packages within the Downloads directory. Adequate disk space is required on the Tanium Server. Manual routine cleanup of old patch files is required prior to Tanium Server 7.2. Contact your TAM for details.
For more information, see Tanium Core Platform Installation Guide: Host system sizing guidelines.
In the Tanium Console Global Settings, set the Tanium Client cache limit (ClientCacheLimitInMB) to 2048MB and set the Hot cache (HotCachePercentage) to 80%. For more information, see Tanium Platform User Guide: Managing Global Settings.
If VDI is used in your environment, see the Tanium Client Deployment Guide: VDI.
Patch requires that endpoints have Windows Update Agent version 6.1.0022.4 or later installed. Enhanced functionality is available on Windows 7 systems with version 7.6.7601.19161 and later. See Microsoft KB313861. If you are controlling all patch deployments through Tanium, we suggest disabling the Windows Update Agent automatic functions at the domain level.
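As an added example (not part of the Tanium documentation), the following sketch checks reported versions against the Platform and Windows Update Agent thresholds listed above. It compares version segments numerically, because a plain string comparison ranks a Windows Update Agent version such as 10.0.x below 6.1.0022.4. The function names, host names, and inventory rows are assumptions constructed for illustration.

```python
# Added example: thresholds come from this page; inventory rows are constructed.

def parse_version(text):
    """Turn '6.1.0022.4' into (6, 1, 22, 4) so segments compare as numbers."""
    return tuple(int(part) for part in text.strip().split("."))

def at_least(version, minimum):
    """True when version >= minimum; the shorter tuple is zero-padded."""
    v, m = parse_version(version), parse_version(minimum)
    width = max(len(v), len(m))
    return v + (0,) * (width - len(v)) >= m + (0,) * (width - len(m))

# Tanium Platform thresholds from the requirements list, lowest first.
PLATFORM_GATES = [
    ("patch", "7.0.314.6085"),
    ("enhanced", "7.0.314.6319"),
    ("rbac", "7.1.314.3037"),
    ("linux_limited", "7.2.314.3235"),  # with Patch 2.2, Limited Availability
]
WUA_MINIMUM = "6.1.0022.4"
WUA_WIN7_ENHANCED = "7.6.7601.19161"

def platform_features(platform_version):
    """List the Patch capabilities a given Tanium Platform version unlocks."""
    return [name for name, minimum in PLATFORM_GATES
            if at_least(platform_version, minimum)]

def wua_status(os_name, wua_version):
    """Classify an endpoint by its Windows Update Agent version."""
    if not at_least(wua_version, WUA_MINIMUM):
        return "unsupported"
    # The page states the enhanced threshold for Windows 7 systems only.
    if os_name == "Windows 7" and at_least(wua_version, WUA_WIN7_ENHANCED):
        return "enhanced"
    return "supported"

# Constructed inventory rows: (host, operating system, WUA version).
INVENTORY = [
    ("ws-001", "Windows 7", "7.6.7601.19161"),
    ("ws-002", "Windows 7", "7.5.7601.17514"),
    ("ws-003", "Windows 10", "10.0.14393.2007"),
    ("ws-004", "Windows 7", "5.8.0.2469"),
]

def audit(inventory):
    """Map each host to its Windows Update Agent status."""
    return {host: wua_status(os_name, ver) for host, os_name, ver in inventory}

if __name__ == "__main__":
    print(platform_features("7.1.314.3071"))
    print(audit(INVENTORY))
```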
Specific processes and URLs are needed to run Patch.
If security software is in use in the environment to monitor and block unknown host system processes, your security administrator must create exclusions to allow the Tanium processes to run without interference.

|Target device|Process|
|---|---|
|Module Server|"<Tanium Module Server>\services\patch\node.exe" service.js|
|Endpoint computers|<Tanium>\Tanium End User Notification Tools\bin\client-ui.exe (if Tanium End-User Notifications is installed)|
Exclude the following directories from on-access or real-time scans:
If security software is deployed in the environment to monitor and block unknown URLs, your security administrator must whitelist the following URLs.
Tanium Server 7.0
Different role types have varying privileges within Patch. Administrators can perform all functions; however, other role types are limited.
Action/Sensor Authors or Action Authors
|Initialize Patch service|
|Create, modify, or delete scan configurations and enforce against computer groups|
|Create, modify, or delete patch lists and blacklists|
|Create, modify, or delete deployments and target computer groups|
|Create, modify, or delete maintenance windows and enforce against computer groups|
Tanium Server 7.1 or later
For Tanium Platform version 7.1.314.3071 or later, Patch 2.0.9 introduces role-based access control (RBAC) permissions that control access to the Patch workbench. The three predefined roles are Patch Admin, Patch User, and Patch Read Only User.
|Privilege||Patch Administrator||Patch User||Patch Read Only User|
Patch Module Read: Read access to the Patch module
Patch Module Write: Write access to the Patch module
Patch Settings Write: Write access to global settings in the Patch module
Last updated: 8/9/2018 12:06 PM