This site is for Avast Business products only. For articles on AVG Business products, see AVG Business Help. If you are in the right place but cannot find what you are looking for, please contact Avast Business Support for further assistance.

Patch Management Overview

This Article Applies to:

  • Avast Business Hub

 

Patch Management allows you to keep all your devices up to date with the latest feature and security patches for over 150 software vendors. This not only gives endpoint users all the latest features of their software, but also addresses the newest security threats. The Business Hub makes it easy to identify and deploy patches - On the Patches page, you can view and manage all the software patches for your devices.

To download the up-to-date list of all supported patches, click here.

 

Patch Management provides the following features:

  • Patches direct from vendor: Automatically retrieve patches for Windows and third-party applications to keep your devices up-to-date
  • Flexible deployment schedules: Schedule and deploy patches at your preferred times, or manually deploy on-demand to groups and individual devices
  • Intuitive dashboard: Manage all patches and view summaries of applied, missing, and failed patches
  • Customizable patches: Select which software vendors, products, and severity of patches you would like to scan and install and create exclusions for applications you do not want to patch
  • Patch scan results: Learn more about missing patches including specific updates, bulletin links, release dates, descriptions, and more
  • Reports: Determine the health and security of device software and applications
  • Patch notifications: Receive notifications when a new patch is found to be missing from your device(s) or has failed to deploy

As part of the Patch Management process, you will need to decide when to scan, patch, and restart your devices, which devices to update, how to install patches, and which patches to install.

Patch Scanning

A scan must be done to check devices for what patches they need. Scanning devices for missing patches is essential to patch management to identify what patches should be installed. Patch scanning is enabled for all devices that have a Patch subscription applied to them, and the results are displayed on the Patches page of the console.

To learn how to scan for patches via policies or manually, see Scanning Devices for Missing Patches.

You can add the Patch Management service to your devices by following the instructions provided in Managing Services.

Patch Statuses

The status of each patch is listed next to its name, with different statuses displayed in different colors to indicate severity. All patches will show a tooltip when hovered over detailing the last date and time the status was updated as well as the deployment type (manual vs scheduled.) There will also be extra details listed for failed patches to help you determine how to resolve any patching issues.

  • Scheduled: When the Patch is scheduled via policies
  • Missing: After a Patch Scan has completed and found missing patches
  • Ignored: Possible reasons will be excluded due to settings, manually excluded, or rolled back
  • Deploying: Progress will show the state of deployment, whether it’s downloading, installing, waiting for restart, or waiting for verification
  • Failed to deploy: Possible reasons will be unable to download patch file, downloaded patch file validation failed, or patch installation failed
  • Deployed: When the Patch has been successfully deployed to the device via either manual or scheduled patching

Patches List

The Patches page is separated into three tabs — Pending OS patches, Pending third-party patches, and Resolved patches.

The first two tabs display all Patch Management information in a table, with a summary in the buttons along the top for Missing, Scheduled, Downloading, Installing, Pending restart, and Failed to install patch statuses. The table lists all Patches available for the customer's/site's network along with the following information for each:

  • Patch type
  • Patch severity
  • CVSS score
  • When patch was released
  • Number of devices that need the patch
  • Current status of the patch
  • Action(s) that can be taken, if any

Pending OS Patches

Pending Third-Party Patches

The final tab displays patches that have been resolved — either by being ignored or successfully installed on the device. The two buttons at the top display the number of ignored patches and the number of installed patches. The table lists all resolved patches along with the following information for each:

  • Patch type
  • Patch severity
  • CVSS score
  • When patch was released
  • Number of devices that need the patch
  • Current status of the patch
  • Action(s) that can be taken, if any

Resolved Patches