Patch Management Overview

This Article Applies to:

  • Avast Business Cloud Console

On the Patches page, you can view and manage all the software patches for your devices. Patch Management allows you to keep all your devices up to date with the latest feature and security patches for over 150 software vendors. This not only gives endpoint users all the latest features of their software, but also addresses the newest security threats. The Cloud Console makes it easy to identify and deploy patches from a central dashboard.

Patch Management provides the following features:

  • Patches direct from vendor—Automatically retrieves patches for Windows and 3rd-party applications to keep your devices up-to-date
  • Flexible deployment schedules—Schedule and deploy patches at your preferred times, or manually deploy on-demand to groups and individual devices
  • Intuitive dashboard—Manage all patches and view summaries of applied, missing, and failed patches
  • Customizable patches—Select which software vendors, products, and severity of patches you would like to scan and install and create exclusions for applications you do not want to patch
  • Patch scan results—Learn more about missing patches including specific updates, bulletin links, release dates, descriptions, and more
  • Reports—Determine the health and security of device software and applications
  • Patch notifications—Receive notifications when a new patch is found to be missing from your device(s) or has failed to deploy

As part of the Patch Management process, you will need to decide when to scan, patch, and restart your devices, which devices to update, how to install patches, and which patches to install.

Patch Scanning

A scan must be done to check devices for what patches they need. Scanning devices for missing patches is essential to patch management to identify what patches should be installed.

Patch scanning is enabled for devices that have a Patch subscription applied to them. Results are displayed on the Patches page. To change the frequency and time the automatic patch scan runs, edit your policy. See Scanning Devices for Missing Patches for more information.

You can add Patch Management subscriptions to your devices using the process in Applying Licenses to Devices.

Patch Statuses

The status of each patch is listed next to its name, with different statuses displayed in different colors to indicate severity. All patches will show a tooltip when hovered over detailing the last date and time the status was updated as well as the deployment type (manual vs scheduled.) There will also be extra details listed for failed patches to help you determine how to resolve any patching issues.

  • Scheduled—when the Patch is scheduled using Policies
  • Missing—after a Patch Scan has completed and found missing patches
  • Ignored—possible reasons will be excluded due to settings, manually excluded, or rolled back
  • Deploying—progress will show the state of deployment, whether it’s downloading, installing, waiting for restart, or waiting for verification
  • Failed to deploy—possible reasons will be unable to download patch file, downloaded patch file validation failed, or patch installation failed
  • Deployed—when the Patch has been successfully deployed to the device via either manual or scheduled patching
  • Rollback—progress will show the state of the roll back, whether it’s uninstalling, waiting for restart, or waiting for verification

Patches List

The Patches page displays all Patch Management information in a table. Your devices are listed in the left-hand panel, and you can filter through them by name, the status of the device, and the status of the patches. The right-hand panel lists all Patches for the selected device along with the following information for each:

  • Patch status
  • Bulletin Title
  • Vendor
  • Bulletin ID/KB
  • Patch
  • Severity
  • Release Date