Athena EPP (Endpoint Protection Platform)

Athena EPP (formerly Sangfor Endpoint Secure) integrates NGAV, EDR, and endpoint management into a single, powerful solution for comprehensive endpoint protection.
{{ $t('productDocDetail.guideClickSwitch') }}
{{ $t('productDocDetail.know') }}
{{ $t('productDocDetail.dontRemind') }}
6.0.4R4
Athena EPP (Endpoint Protection Platform) {{ breadTitle }} User Manual Getting Started Risk Assessment Windows Update
{{sendMatomoQuery("Athena EPP (Endpoint Protection Platform)","Windows Update")}}

Windows Update

{{ $t('productDocDetail.updateTime') }}: 2025-12-30

On the Windows Update page, you can view the frequently reported Windows vulnerabilities from the perspectives of assets and patches. In addition, you can select endpoints or patches and handle them as an administrator.

4.3.1.1Patching

4.3.1.1.1Assets

On the Assets tab, you can view the Windows patching statistics of endpoints, including the total number of patches, the number of installed patches, etc.

Select an endpoint and click Patch in the upper-left corner. Then, the corresponding patches will be pushed to the endpoint.

Patches will be installed only on endpoints that are unpatched or fail to be patched. Some patches may take a long time to install. Therefore, we recommend that you install no more than 20 patches at a time.

You can go to Policies > General Policies > Vuln Remediation and select Remind users to restart under Restart After Patch Installation as an administrator. This way, after the patches are successfully installed on the endpoint, a notification message will appear to prompt the endpoint user to restart the endpoint. The notification message can be customized as needed.

4.3.1.1.2Patches

On the Patches tab, you can view the number of unpatched endpoints for a specific Windows patch, severity, impact type, whether an endpoint restart is needed to apply the patch, release date, etc.

Select a patch and click Patch in the upper-left corner. Then, the patch will be pushed to the corresponding endpoints.

Patches will be installed only on endpoints that are unpatched or fail to be patched. Some patches may take a long time to install. Therefore, we recommend that you install no more than 20 patches at a time.

If Remind users to restart is selected, the corresponding endpoint users will receive a notification message prompting them to restart the endpoints after patch installation. The notification message is the same as the notification message that is prompted after patch installation when Patch on the Assets tab is clicked.

4.3.1.2Scan Tasks

On the Scan Tasks tab, you can view the patch template statistics, such as the number of patches included in the predefined patch library, the time when the patch library was last updated, and other key information. In addition, you can create scan tasks for specific endpoint groups or endpoints to scan the vulnerabilities on the endpoint groups or endpoints.

Steps

Step 1.Click Add Task to create a scan task. In the Add Task dialog box, configure the following parameters:

Task Name: Specify the name of the scan task.

Patch Templates: Select a patch template.

Target Assets: Select the endpoint group or endpoint to which this scan task will apply.

Then, click OK. The scan task is created and automatically executed.

Step 2.After the scan task is completed, click Details to view the scan result.

Step 3.Click the name of a patch to view the corresponding details, including the asset information, last scan time, patch ID, impact, disclosure date, patchable version, patch download URL, etc.

IMG_256