Automatic vs Ad Hoc Patching

This Article Applies to:

  • Avast Business Cloud Console

Missing patches can be installed on managed devices either through a one-time ad hoc deployment from the Patches page, or through a recurring deployment using a policy. It may be necessary to apply patches through different methods depending on your network needs and the device. For example, there may be a critical patch for a server device that has patch deployment scheduled for the following week. In this instance, you may want to push the critical patch immediately rather than waiting for the scheduled deployment.

Automatic Patching Ad Hoc Patching
install on a regular basis install on a one-time basis
apply a schedule to a group of devices patch most devices or only a few
set a recurring patch schedule install patches immediately, or soon
automatically deploy patches that meet certain criteria select patches to deploy from a list
exclude patches from specific vendors or applications install patches that have been excluded from automatic install

Automatic

Installing patches through policies lets you set up recurring installs of patches. Using a policy, you can choose the patches you want to install and set up the time you want the install to start. You set up your patching options, and then choose the affected devices by applying the policy to a device group.

Using a policy to install patches is best for setting up a recurring, ongoing patching schedule. You can even use multiple policies to arrange patches to be installed on different schedules according to their severity and importance. The schedule repeats with no actions from you, keeping your devices up to date and taking the work of Patch Management off your task list.

For more information on automatic patching, see Automatic Patching via Policies.

Ad Hoc (Manual)

Doing an ad hoc deployment via the Patches page gives you the same options for choosing and installing patches. You can sort by the same options and set up the install and restart for time when users won’t be interrupted. However, with ad hoc installs, you also choose the devices the patches are installed on from a list of devices instead of a device group.

Ad hoc installs are best for doing one-time patch installs. For example, if a high-profile security vulnerability is found in popular software that affects most of your users, you could do an ad hoc install to start the patching process right away, without worrying about scheduling the patch for a convenient time.