We support browsers, not dinosaurs. Please update your browser if you want to see the content of this webpage correctly.

Patch Management

Patch Management adds an important layer to your endpoint security foundation – improving overall protection and easing your workload.

Exclusively for Windows devices
What is Patch Management exactly?

What is Patch Management exactly?

What is Patch Management exactly?

Patches are released to fix vulnerabilities or security gaps in Windows operating systems and other application software. If patches are not applied in a timely manner, networks can be severely compromised.

While most businesses are aware of the importance of patching, many don’t do it because there are too many patches, patching often interrupts operations, and can cause problems with other systems.

Patch Management solves these issues by making it easy to identify and deploy critical patches and monitor ongoing activity from a central cloud management dashboard.

Easy-to-use console for ultimate control

Automatic patching fixes and updates Windows operating systems as well as thousands of third-party software applications.

Avast Business Patch Management
30-day money-back guarantee

How does patching work?

Scan all devices for missing patches
Select the frequency of the patch scan, either daily, weekly, or monthly, and schedule when you would like the scan to take place.
Deploy patches
All vendors, software applications, and severities will be patched automatically, but you can easily exclude individual ones from application patching if needed.
Review patch status
From the dashboard, you can view missing patches, patch names and severity levels, along with release notes, release dates, and more.

Introducing Avast Patch Management

Flexible deployment schedules
Schedule and deploy approved patches at desired times or manually deploy to groups or individual devices.
Master agent capabilities
Download all missing patches to a master agent that seamlessly distributes patches to all managed devices in the network.
Intuitive dashboard
Manage all software patches and view graphical summaries of installed, missing, or failed patches from any device.
Patch scan results
View detailed results from a single platform that includes information on missing patches, severity levels, knowledge base links, release dates, descriptions, and more.
Customizable patches
Choose software vendors, products, and the severity of patches to scan and install. Easily create exclusions for applications.
Automatic scans
Schedule patch scans to run automatically every 24 hours and set patches to deploy on a specified day. These default settings can be customized at any time.
Thousands of patches
Deploy patches for Windows operating systems and thousands of other third-party software applications for comprehensive protection.
Roll back and ignore
Simply roll back patches if they are unstable from individual devices or ignore so they don’t show in patch results or get redeployed.

Get Patch in our Cloud Management Console

Patch Management and our other antivirus products are deployed through the Cloud Management Console, making it seamless to manage endpoint security for all your devices from a single platform. Patch Management can only be configured from the console.

Enhance Patch Management with Premium Support


Get Premium Support with your product

Our Premium Support team is here 24/7 to help you with installation, troubleshooting, and more. With a 1-hour guaranteed first response time, get help when you want it and when you need it.

Everything you need to know to use Patch Management like a pro

Yes, it is highly recommended that you adjust Windows Update settings for your devices via the Windows Update Center and/or Group Policy so Patch Management can provide updates.

The Windows Update service must not be disabled; rather, it should be set to either Manual or Automatic to successfully deploy patches. In addition, the Windows Update setting on each target machine (Control Panel > System and Security > Windows Update > Change settings) should be set to Never check for updates.

Deployment of patches will run under the remote machine's Local System account, so make sure this is allowed.

We have phased out Software Updater from Avast Business antivirus products, as it conflicts with Patch Management.

You can set up your patch schedule in Device Settings > Policy > Patch Management > Step 2. All devices or groups under the Patch Management policy will follow the schedule you set.

The Patches page provides an overview of all missing patches for all devices connected to your console. The Devices page provides a list of your devices and the Device Patch Results tab identifies missing patches for that particular device.

We will have 6 reports in total that will provide detailed information on the severity of missing or installed patches with vendors, and on software applications.

You will be able to see how many devices are licensed for patch under the ‘Licenses’ section in the console.

We are planning to support Patch Management for Mac OS X devices in the second half of 2020.

Could be due to the following reasons:

  1. The patch is currently being installed on those devices and will sync back with the console after the patch has been successfully installed.
  2. The patch could have failed to install and will be scheduled for a reinstall based on your patch deployment schedule.
  3. The device is offline.

You can modify the patch deployment schedule and exclude vendors and applications by going to Device Settings > Select Policy > Patch Management tab.

Yes, you can manually deploy patches to individual devices and groups of devices in one step.

Patches will be in one of the following states:

  • Scheduled: Grey Icon - Patch approved and scheduled to be deployed to device/s
  • Deployed: Green Icon - Patch successfully deployed to device/s
  • Failed to deploy: Red Icon - Failed to deploy patch/es to device/s
  • Missing: Yellow Icon - Patch is missing from device/s
  • Waiting to scan: Grey Icon - Waiting to run patch scan on device
  • Failed to scan: Red Icon - Failed to run patch scan on device

It could take from a few seconds to several hours. The time depends on the size of the patch that is being downloaded to the device, the software application it is updating, and the hardware of the device.

Yes, the device you have selected as the Master Agent will be used to store the software application patches and will distribute them to devices on the network to save bandwidth. If you do not have a Master Agent selected, devices will download the software application patch directly from the internet (not recommended).