This site is only for Avast Business products. For articles on AVG Business products, see AVG Business Help.

Deploying missing patches

This Article Applies to:

  • Avast Business CloudCare

Once your devices have been scanned, any missing patches displayed on the Patches page can be deployed either automatically or manually. Some patches can take hours to deploy, particularly if the patch itself is large and you have many devices in your network.

Automatic Patching via Policies

Enabling automatic patch deployment in the policy will deploy missing patches on an automatic, recurring basis. If you would like to perform a one-time manual patch, see Ad Hoc Patching via Patches Page.

In the policy you would like to edit, click the Patch Management tab. In policies, you can choose from the following options for automatic deployment once a patch scan has completed on the device:

  • Do not deploy patches: Patches will need to be deployed manually
  • Deploy approved patches immediately after scan. This option uses Auto-Approval Rules as well as any manual approvals done in the Patches section.
  • Deploy approved patches later:
    • Frequency: Daily, Weekly, or Monthly
      • If you are performing monthly scans, please ensure the day of the month you’ve chosen occurs every month. For example, do not choose the 31st day of the month unless you specifically want to skip scanning on months without 31 days
    • Time: a specific time of day you would like the scan to take place, down to the hour and minute of the scan start

It is recommended you configure your patch deployment to occur after patch scanning so any missing patches are deployed as soon as possible.

If you are using a Master Agent/Local Update Agent, that device will be used to store the software application and OS patches and will distribute to devices on the network, the same as virus and program update file distribution.

Auto-Approval Rules

Patches will not be deployed until they are approved. The Auto-approval Rules section displays the patches that will automatically be approved without any manual interaction from you.

In the policy you would like to edit, click the Patch Management tab. Then click the Auto-Approval Rules tab. Select the patch severities that are auto-approved according to vendor and product.

Ignored Patches

By default, all vendors, software applications, and severities will be patched unless you exclude them. The Ignored Patches section displays vendors, applications, and patch severities on the exclusions list, which will not be updated. These settings will override Auto-Approval Rules.

Navigate to the Patches tab. In the list of available patches on the All Patches or Patches by Device tabs, select the ones you would like to exclude using the check boxes. Then click Ignore.

Ad Hoc Patching via Patches Page

If you would like to deploy patches manually, you can do so on the Patches page.

  1. Navigate to the Patches page
  2. Do one of the following:
    • For a single device, click the More button beside the patch and click Deploy immediately
    • For multiple devices, select the check boxes beside the patch(es) and click Deploy immediately

Wait while the patch deployment command runs on the target device(s). Successfully deployed patches will be displayed on the Patches page under the proper filter.

Rolling Back Patches

This option is used to uninstall patches from devices that may have had unforeseen consequences. This is only available for patches with roll back support.

Navigate to the Patches tab, then click Roll Back Patches in the left-hand navigation pane. Select the patch(es) you would like to roll back, then click Roll Back Patch.