Configuring auto-remediation options

To edit the general deployment options:

1. Launch GFI LanGuard.

2. From the computer tree, right-click a computer/computer group and select Properties.

Computer properties

3. Select the Agent Status tab and from Auto remediation settings, click Change settings...

General auto-remediation settings

4. Select the action to take after receiving scan results from the agent. Click Configure auto-remediation options...

Before deployment options

5. Configure Before Deployment options described below:

Option Description
Wake up offline computers Start computers if they are turned off. For more information refer to Configuring Wake-on-LAN on scan targets.
Warn user before deployment (show message) Displays a message on the target machine to warn the user before deploying software.
Wait for user’s approval Wait for user’s approval before deploying software.
Messages Click Messages to select the end-user’s computer language and define the warning message. For more information refer to Configuring auto-remediation messages.
Administrative shares Make a copy of the software on the default network shares.
Custom shares Make a copy of the software in a custom share. Key–in the folder name in the text box.
Remember settings Saves your configured settings and uses them during the next remediation job.

After deployment options

6. Click After Deployment tab. Configure After Deployment options described below:

Option Description
Do not reboot/shutdown the computer Leave scan target(s) turned on after remediating vulnerabilities, even if patches require a reboot to be installed completely.
Reboot the target computers only if required GFI LanGuard reboots a target machine only if at least one patch requires a reboot. If no patches require a reboot, a reboot is not executed.
Reboot the target computers Always reboots computers after remediating vulnerabilities.
Shut down the target computers Target machine will shut down after deploying software.
Immediately after deployment Reboots/shuts down computers immediately after remediating vulnerabilities.
At the next occurrence of Specify the time when the computers reboot/shut down.
When between This option enables you to specify time and day values. If the remediation job is completed between the specified times (start time and end time), the computer(s) will reboot/shut down immediately. Otherwise, the reboot/shut down operation is postponed until the next entrance into the specified time interval.
Let the user decide Click Preview to view a screenshot of the dialog in the user manual. This dialog opens on the end-user’s computer after remediating vulnerabilities. For more information refer to Configuring end-user reboot and shut down options.
Show notification before shut down for Shows a custom message on the end user’s computer for a specified number of minutes before reboot/shut down.
Delete copied files from remote computers after deployment

Deletes the downloaded patches / service packs after they are deployed.

Run a patch verification scan after deployment

Verifies deployed patches, scanning target when the deployment process is complete.


  • If the user chooses to reboot computer after the deployment, the Patch Verification Scan will occur after the machine was restarted.
  • If the user chooses to shut down the computer after deployment, the computer will be restarted and the Patch Verification Scan will shut down the computer.
Remember settings Saves your configured settings and uses them during the next remediation job.

Advanced deployment options

7. (Optional) Select Advanced tab. Configure the options described below:

Option Description
Number of deployment threads

Specify the maximum number of processing threads allowed to start when deploying software updates. The number of threads determines the number of concurrent deployment operations an agent can handle.

Deployment timeout (seconds)

Specify the time (in seconds) an agent attempts to deploy an update. If the specified time is exceeded, the agent stops the unresponsive deployment and starts a new deployment thread.

This feature enables you to stop the process thread so that if an update is taking longer than normal deployment time, the remediation operation continues without jeopardizing the rest.

Deploy patches under the following administrative account Select this option to use a custom administrative account to log and deploy patches on target machines. The account selected must have Log–on as service privilege on the target computers. For more information on how to configure an account with log–on as service privilege, refer to


8. Click OK to apply changes.