This site is only for Avast Business products. For articles on AVG Business products, see AVG Business Help.

Deploying Missing Patches

This Article Applies to:

  • Business Hub

Once your devices have been scanned, any missing patches displayed on the Patches page can be deployed either automatically or manually. Some patches can take hours to deploy, particularly if the patch itself is large and you have many devices in your network.

Automatic Patching via Policies

Enabling automatic patch deployment in the policy will deploy missing patches on an automatic, recurring basis. If you would like to perform a one-time manual patch, see Ad Hoc Patching via Devices or Patches Page.

In the policy you would like to edit, click the Service Settings tab. Then click Patch Management, and expand the Patch scans and deployments section. In policies, you can choose from the following options for automatic deployment once a patch scan has completed on the device:

  • Do not install patches: Patches will need to be installed manually
  • Install patches immediately once found missing.
  • Install patches later:
    • Frequency: Daily, Weekly, or Monthly
      • If you are performing monthly installations, please ensure the day of the month you’ve chosen occurs every month. For example, do not choose the 31st day of the month unless you specifically want to skip installing on months without 31 days
    • Time: a specific time of day you would like the installation to take place, down to the hour and minute of the installation start

It is recommended you configure your patch deployment to occur after patch scanning so any missing patches are deployed as soon as possible.

If you are using an Update Agent/Local Update Agent, that device will be used to store the software application and OS patches and will distribute to devices on the network, the same as virus and program update file distribution.

Patch Exclusions

By default, all vendors, software applications, and severities will be patched unless you exclude them. In the Patch Exclusions section you can add vendors, applications, and patch severities to the exclusions list, which will exclude them from being updated.

In the policy you would like to edit, click the Exclusions tab. Then expand the Patch Management section.

Click + Add new exclusion to see a list of vendors and applications (products) that belong to the vendor. You can search for a vendor or application, or scroll down the list. Select which vendors and applications you would like to exclude, and then select which severities you would like to exclude.

Ad Hoc Patching via Devices or Patches Page

If you would like to deploy patches manually, you can do so on either the Devices page or the Patches page. The process is similar for both pages.

Devices Page

Business Hub

  1. Navigate to the Devices page
  2. Do one of the following:
    • For a single device, click the More button beside the device and click Install missing patches
    • For multiple devices, select the check boxes beside the device(s), click the More button at the top right, then click Install missing patches

Patches Page

  1. Navigate to the Patches page
  2. Click either Pending OS patches or Pending third-party patches at the top left for which type of patches you want to install
  3. Do one of the following:
    • For a single patch, click the Install button to the right of the patch name in the table
    • For multiple patches, select the check boxes beside the patch(es) and click Install at the top right of the table
    • For all patches, click Install all at the top right of the table

Wait while the patch deployment command runs on the target device(s). Successfully deployed patches will be displayed on the Patches page under the proper filter.