Patch Management Overview

 

Patch Management is currently only available at the Customer level, though Partners can view their customers' Patch details and configure them. Please note that Patch Management is only available on Windows devices, and will not be used for macOS.

The Patches interface allows you to view needed patches across the devices in your network. You can use the left-hand navigation pane to filter by All Patches, Patches by Device, Ignored Patches, and Roll Back Patches. You can also use the drop-down menus in the Patches tab to filter the patches by status, severity, vendor, and release date, or filter devices by policy, group, and operating system.

Patch Management allows you to keep all your devices up to date with the latest feature and security patches for over 150 software vendors. This not only gives endpoint users all the latest features of their software, but also addresses the newest security threats. CloudCare makes it easy to identify and deploy patches from a central dashboard.

Patch Management provides the following features:

• Patches direct from vendor—Automatically retrieves patches for Windows and 3rd-party applications to keep your devices up-to-date
• Flexible deployment schedules—Schedule and deploy patches at your preferred times, or manually deploy on-demand to groups and individual devices
• Intuitive dashboard—Manage all patches and view summaries of applied, missing, and failed patches
• Customizable patches—Select which software vendors, products, and severity of patches you would like to scan and install and create exclusions for applications you do not want to patch
• Patch scan results—Learn more about missing patches including specific updates, bulletin links, release dates, descriptions, and more
• Reports—Determine the health and security of device software and applications
• Patch notifications—Receive notifications when a new patch is found to be missing from your device(s) or has failed to deploy

As part of the Patch Management process, you will need to decide when to scan, patch, and restart your devices, which devices to update, how to install patches, and which patches to install.

Patch Scanning

A scan must be done to check devices for what patches they need. Scanning devices for missing patches is essential to patch management to identify what patches should be installed.

Patch scanning is enabled for devices that have a Patch subscription applied to them. Results are displayed on the Patches tab. To change the frequency and time the automatic patch scan runs, edit your policy. See Scanning Devices for Missing Patches for more information.

You can add Patch Management subscriptions to your devices using the process in Applying Subscriptions to Devices.

Patch Statuses

The status of each patch is listed next to its name, with different statuses displayed in different colors to indicate severity. All patches will show a tooltip when hovered over detailing the last date and time the status was updated as well as the deployment type (manual vs scheduled.) There will also be extra details listed for failed patches to help you determine how to resolve any patching issues.

• Scheduled—when the Patch is scheduled using Policies
• Missing—after a Patch Scan has completed and found missing patches
• Ignored—possible reasons will be excluded due to settings, manually excluded, or rolled back
• Deploying—progress will show the state of deployment, whether it’s downloading, installing, waiting for restart, or waiting for verification
• Failed to deploy—possible reasons will be unable to download patch file, downloaded patch file validation failed, or patch installation failed
• Deployed—when the Patch has been successfully deployed to the device via either manual or scheduled patching
• Rollback—progress will show the state of the roll back, whether it’s uninstalling, waiting for restart, or waiting for verification

All Patches

The All Patches page displays all Patch Management information in a table. Your devices are listed in the left-hand panel, and you can filter through them by name, the status of the device, and the status of the patches. The right-hand panel lists all Patches for the selected device along with the following information for each:

In this section you can view all required patches. You can also use the drop-down menus to filter the patches by status, severity, vendor, release date, or by typing in the patch name. The table lists the following information:

• Patch Name: the name of the patch/update
• Vendor: the vendor for the software being patched
• Bulletin ID: a link to the vendor's page to show you the release notes for the patch
• Severity: the assigned severity of the patch, whether it is Critical, Important, Moderate, Low, or None
• Release Date: the date the patch was released by the vendor
• Status: the status of the patch, whether it is Missing, Approved, Deployed, Failed, or Ignored

Clicking on the numbers in the Patch Status table will list the devices for that patch/status. Clicking the Approved column will also show current status of deployment.

You can click Actions > Export and Actions > Print for the list, which will not cause any changes to your devices.

Patches by Device

The left side panel will list all devices that require missing patches after you have selected a patch or patches on the right side panel. You will see the device's Name, Policy, and Group. You can use the drop-down menus to filter the devices by policy, group, operating system, or device name/description.

You can use the menus to filter patches by status, severity, release date, vendor, or patch name. The right side panel will show you all missing patches with the following information:

• Patch Status: the status of the patch, whether it is Missing, Approved, Deployed, Failed, or Ignored
• Patch Name: the name of the patch/update
• Severity: the assigned severity of the patch, whether it is Critical, Important, Moderate, Low, or None
• Release Date: the date the patch was released by the vendor

You can click Actions > Export and Actions > Print for the list, which will not cause any changes to your devices.

Ignored Patches

In this section you can view all patches that have been ignored. You can use the drop-down menus to filter the patches by severity, release date, vendor, or by typing in the patch name. The table lists the following information:

• Patch Name: the name of the patch/update.
• Vendor: the vendor for the software being patched.
• Bulletin ID: a link to the vendor's page to show you the release notes for the patch.
• Severity: the assigned severity of the patch, whether it is Critical, Important, Moderate, Low, or None.
• Release Date: the date the patch was released by the vendor.
• Ignored in Policies: the policy or policies where the patch has been ignored.

You can click Actions > Export and Actions > Print for the list, which will not cause any changes to your devices.

Roll Back Patches

In this section you can view all patches that have been deployed and are capable of being uninstalled, in the event you wish to roll them back. You can use the drop-down menus to filter the patches by severity, vendor, release date, or by typing in the patch name. The table lists the following information:

• Patch Name: the name of the patch/update.
• Vendor: the vendor for the software being patched.
• Bulletin ID: a link to the vendor's page to show you the release notes for the patch.
• Severity: the assigned severity of the patch, whether it is Critical, Important, Moderate, Low, or None.
• Release Date: the date the patch was released by the vendor.
• Deployed Count: the number of devices the patch has been deployed to.

You can click Actions > Export and Actions > Print for the list, which will not cause any changes to your devices.