This site is for Avast Business products only. For articles on AVG Business products, see AVG Business Help. If you are in the right place but cannot find what you are looking for, please contact Avast Business Support for further assistance.

Deploying Missing Patches

This Article Applies to:

  • Avast Business Hub

 

Once your devices have been scanned for missing patches, any supported patches that have not yet been installed will be displayed on the Patches page of your console and under the Patches tab of each device that was scanned. You can then deploy these patches manually (ad hoc) or set up automatic patch deployment. Note that some patches can take hours to deploy, particularly if a patch is large and/or if you host a large number of devices in your network.

A system reboot is often needed upon installing Antivirus updates or patches. To ensure that the devices in your network are restarted whenever a service requires such action, enable required restarts in your policy settings. For more information, see Configuring Restarts.

If needed, you can omit certain patches from being deployed by either ignoring them manually or adding them to patch exclusions (see Ignoring Patches and Configuring Patch Management Exclusions for more information).

To download the up-to-date list of all supported patches, click here.

Enabling/Disabling Automatic Patch Deployment

To enable or disable automatic deployment of missing patches:

  1. Open the Policies page
  2. Click the desired policy to open its Detail drawer
  3. Click the Settings tab, then Patch Management
  4. Expand the Patch scans and installations section
  5. Under Once scan has completed on endpoint device, choose one of the following:
    • Do not install patches: Select this option if you want patches to be deployed manually instead of automatically (see Deploying Patches Manually for further instructions).
    • Install patches immediately once found missing: Select this option if you want patches to be deployed automatically as soon as the patch scan completes (note that the patches might first go into the Scheduled status before being downloaded and installed).
    • Install patches later: Select this option if you want patch deployment to run automatically on a schedule (then choose between daily, weekly, or monthly frequency, and define the time of day you would like the deployment to take place).
      • If you decide on monthly installations, please ensure the day of the month you have chosen occurs every month (for example, do not choose the 31st day of the month unless you specifically want to skip installing on months without 31 days).

It is recommended you configure patch deployment to occur right after patch scanning (second option) so any missing patches are deployed as soon as possible.

If you are using an Update Agent, that device will be used to store application and OS patches and will distribute them to devices in your network (same as with program and virus definitions updates).

To learn more about the differences between the two patch deployment methods, see Automatic vs. Ad Hoc Patching.

Deploying Patches Manually

If you have decided to deploy missing patches manually, you can do so from either the Devices page or the Patches page.

Deploying via Devices Page

  1. Go to the Devices page
  2. Do one of the following:
    • For a single device, click the three dots next to it to open the device's actions menu
    • For multiple devices, tick the checkboxes next to them, then hover over the More menu in the top right corner
  1. Select Install Missing Patches
  1. In the pop-up dialog, confirm the action by clicking Install now

Another way you can install one or more patches on a single device is via the Patches tab of the device's Detail drawer.

Wait while the patch deployment command runs on the target device(s). Successfully deployed patches will be displayed under the Resolved patches tab of the Patches page.

Deploying via Patches Page

  1. Go to the Patches page
  2. Under the Pending OS patches/Pending third-party patches tab, locate the patch(es) you want to install
  3. Do one of the following:
    • For a single patch, click the Install button to the right of the patch name
    • For multiple patches, tick the checkboxes next to them, then hover over the More menu in the top right corner of the patch list and select Install
    • For all patches, click Install all in the top right corner of the patch list
  1. In the pop-up dialog, do one of the following:
    • To install the selected patch(es) on specific devices only, click the Select devices to update link, mark the desired devices, then click Install
    • To install the selected patch(es) on all devices, click Install

Another way you can install a single patch on one or more devices is via the patch's Detail drawer.

Wait while the patch deployment command runs on the target device(s). Successfully deployed patches will be displayed under the Resolved patches tab of the Patches page.

 

Other Articles In This Section:

Scanning Devices for Missing Patches

Automatic vs. Ad Hoc Patching

Related Articles:

Patch Management Overview

Ignoring Patches

Configuring Patch Management Exclusions