We support browsers, not dinosaurs. Please update your browser if you want to see the content of this webpage correctly.

Patch Management

Simplify and automate the patching process to save time and money. Get patching support for Windows and thousands of popular third-party applications.

Is your current defense strategy leaving you exposed?

Exploitation of unpatched software vulnerabilities remains one of the most common intrusion methods for hackers.

Myth 1:
Software patches can be ignored. My antivirus is enough to protect my business from cyber attacks.
57% of data breaches are attributed to poor patch management.
Myth 2:
We only need to worry about Microsoft-related patches.
86% of reported vulnerabilities are found in third-party applications.
Myth 3:
If our network gets compromised, we can fix the problem later.
It takes hackers 30 days to exploit a vulnerability, but it can take your company up to 186 days to fix it and up to $500,000 dollars to recover from just one single cybersecurity breach.
Myth 4:
The majority of cyberattacks are not preventable.
As many as 85% of targeted attacks are preventable. The top 10 known vulnerabilities account for 85% of successful exploits.
Myth 5:
Patches break things and don’t work as promised.
Our patch content engineers spend countless hours thoroughly testing all patches before we release them to you, in order to ensure they function optimally and don’t introduce new problems.

Why Avast Business Patch Management?

Proven, industry-leading patch management that keeps all your Windows systems and third-party apps up-to-date with the latest patches.

Save time with automation
Distribute thoroughly tested patches to thousands of machines in minutes, with minimal impact on your network.
Third-party application patching
Patching support for Microsoft Windows and thousands of popular vendors like iTunes®, Oracle® Java, Adobe® Flash® and Reader, and more.
Remote patching
Patch all devices anywhere—whether they're behind the firewall, on the road, at remote sites, or even asleep.
Centralize management
Manage all Microsoft Windows and thousands of third-party software updates from a single cloud-based platform.
Mitigate and close vulnerabilities
Achieve compliance, mitigate exploits, close vulnerabilities, and remotely deploy software and Windows updates.

Easy-to-use platform for ultimate control

Our integrated interface gives IT admins total control over the entire patching process, including patch discovery, distribution of software updates, and reporting.

Avast Business Patch Management

How it works

Patch Management accelerates the software update process, taking it from months to just minutes. Our team of patch content engineers carefully inspects each patch before it gets released to you, ensuring proper compliance. We apply our years of industry experience and innovation to the test, empowering you to quickly patch and secure your third-party apps.

Scan all devices for missing patches
Select the frequency of the patch scan, either daily, weekly, or monthly, and schedule when you would like the scan to take place.
Deploy patches
All vendors, software applications, and severities will be patched automatically, but you can easily exclude individual ones from application patching if needed.
Review patch status
From the dashboard, you can view missing patches, patch names and severity levels, along with release notes, release dates, and more.

Keep up with security threats and patches.

Avast Business Patch Management

Get Patch Management in the Business Hub

Avast Business Patch Management

Patch Management and our other solutions are deployed through the Business Hub empowering you to seamlessly manage endpoint security for all your devices from a single platform.

Modernize IT security

Modernize IT security

Modernize IT security

Read the 10 reasons to modernize your cybersecurity and the 10 ways to do it.

Enhance your protection with a security package

Enhance your protection with a security package

Enhance your protection with a security package

Our security packages are designed for small and mid-sized businesses to ensure that all devices, data, and applications are fully protected from ransomware and data breaches. Next-gen endpoint protection means more than just antivirus.
Choose the level of protection and support for your business today. Let us run your cybersecurity so you can focus on growing your business.

Everything you need to know to use Patch Management like a pro

No, you should not disable the Windows Update service, but you do need to adjust the Windows Update settings via the Windows Update Center and/or Group Policy. This is so Patch Management can provide updates.

The Windows Update settings should be set to either Manual or Automatic to successfully deploy patches. In addition, the Windows Update setting on each target machine (Control Panel > System and Security > Windows Update > Change settings) should be set to Never check for updates.

Deployment of patches will run under the remote machine's Local System account, so make sure this is allowed.

You can set up your patch schedule in Device Settings > Policy > Patch Management > Step 2. All devices or groups under the Patch Management policy will follow the schedule you set.

Simply go to your Patches page, which will provide detailed information on the severity of missing or installed patches with vendors, and on software applications.

You will be able to see how many devices are licensed for patch under the ‘Subscriptions’ section in the console.

We are planning to support Patch Management for Mac OS X devices in the second half of 2021.

This could be due to the following reason(s):

  1. The patch is currently being installed on those devices and will sync back with the console after the patch has been successfully installed.
  2. The patch could have failed to install and will be scheduled for a reinstall based on your patch deployment schedule.
  3. The device is offline.

You can modify the patch deployment schedule and exclude vendors and applications by going to Device Settings > Select Policy > Patch Management tab.

Yes, you can manually deploy patches to individual devices and groups of devices in one step.

Patches will be in one of the following states:

  • Scheduled: Grey Icon - Patch approved and scheduled to be deployed to device/s
  • Deployed: Green Icon - Patch successfully deployed to device/s
  • Failed to deploy: Red Icon - Failed to deploy patch/es to device/s
  • Missing: Yellow Icon - Patch is missing from device/s
  • Waiting to scan: Grey Icon - Waiting to run patch scan on device
  • Failed to scan: Red Icon - Failed to run patch scan on device

It could take a few seconds or several hours. The time depends on the size of the patch that is being downloaded to the device, the software application it is updating, and the hardware of the device.

Yes, the device you have selected as the Master Agent will be used to store the software application patches and will distribute them to devices on the network to save bandwidth. If you do not have a Master Agent selected, devices will download the software application patch directly from the internet (not recommended).