Patch Management / Remediation

Implement Approval process similar to Suppression for Patching related to vulnerabilities that are high risk, for eg CISA, EPSS> 0.95 This should not include, patches that go through scheduler Any 0 day vulnerability reported should go through approval process to be patched.

Provide a version-lock mechanism that allows selecting a specific app and choosing a version to roll back to. Use stored MSI uninstall commands to remove the bad version and reinstall the selected version.

Build a generic change-management system for patching workflows, AI reports, and suppression controls—ensuring patches must be reviewed/approved before release