Deploying Missing Patches

This Article Applies to:

  • Business Hub
  • Avast Business Cloud Console

Once your devices have been scanned, any missing patches displayed on the Patches page can be deployed either automatically or manually. Some patches can take hours to deploy, particularly if the patch itself is large and you have many devices in your network.

Automatic Patching via Policies

Due to the introduction of Global Policies, all standalone Cloud Console customers must use the Business Hub to make changes to their policy-based Patch Management settings.

Enabling automatic patch deployment in the policy will deploy missing patches on an automatic, recurring basis. If you would like to perform a one-time manual patch, see Ad Hoc Patching via Devices or Patches Page.

In the policy you would like to edit, click the Service Settings tab. Then click Patch Management, and expand the Patch scans and deployments section. In policies, you can choose from the following options for automatic deployment once a patch scan has completed on the device:

  • Do not deploy patches: Patches will need to be deployed manually
  • Deploy patches immediately once found missing.
  • Deploy patches later:
    • Frequency: Daily, Weekly, or Monthly
      • If you are performing monthly scans, please ensure the day of the month you’ve chosen occurs every month. For example, do not choose the 31st day of the month unless you specifically want to skip scanning on months without 31 days
    • Time: a specific time of day you would like the scan to take place, down to the hour and minute of the scan start

It is recommended you configure your patch deployment to occur after patch scanning so any missing patches are deployed as soon as possible.

If you are using a Master Agent/Local Update Agent, that device will be used to store the software application and OS patches and will distribute to devices on the network, the same as virus and program update file distribution.

Patch Exclusions

By default, all vendors, software applications, and severities will be patched unless you exclude them. In the Patch Exclusions section you can add vendors, applications, and patch severities to the exclusions list, which will exclude them from being updated.

Due to the introduction of Global Policies, all standalone Cloud Console customers must use the Business Hub to make changes to their policy-based Patch Management settings.

In the policy you would like to edit, click the Exclusions tab. Then expand the Patch Management section.

Click + Add new exclusion to see a list of vendors and applications (products) that belong to the vendor. You can search for a vendor or application, or scroll down the list. Select which vendors and applications you would like to exclude, and then select which severities you would like to exclude.

Ad Hoc Patching via Devices or Patches Page

If you would like to deploy patches manually, you can do so on either the Devices page (Business Hub and Cloud Console) or the Patches page (Cloud Console only). The process is similar for both pages.

Devices Page

Business Hub

Cloud Console

Patches Page

  1. Navigate to either the Devices or the Patches page
  2. Do one of the following:
    • For a single device, click the More button beside the device and click Deploy immediately
    • For multiple devices, select the check boxes beside the device(s) and click Actions ▸ Deploy immediately

Wait while the patch deployment command runs on the target device(s). Successfully deployed patches will be displayed on the Patches page under the proper filter.

Other Actions Related to Patch Management (Cloud Console)

There are a number of other options available for patches that you can access by selecting specific patches in the right-hand pane on the Patches page, or clicking the More button beside a device.

  • Approve for deployment: to deploy patches at the next scheduled patch deployment time per the policy
  • Try deployment again: for Failed to deploy patches, once you have resolved whatever caused the patch to fail initially
  • Ignore: to add patches to the Ignored List so they will not be deployed even if set to automatically deploy via the policy
  • Roll back: to uninstall patches from devices that may have had unforeseen consequences. This is only available for patches with roll back support
  • Patches settings for this device: view the Patch Management settings in the device’s policy