We support browsers, not dinosaurs. Please update your browser if you want to see the content of this webpage correctly.
20% OFF

Patch Management

Having a strong endpoint security foundation is crucial but antivirus alone isn’t enough. Avast Business Patch Management takes the guesswork out of patching by identifying critical vulnerabilities and making it easy to deploy patches from a central dashboard.

For Windows operating systems only.

$29.99 $37.49

per 1 device 1 year

If you already use the Avast Business Management Console, please log in and purchase Patch Management from there.

Patch Management plays a critical role in layered endpoint cybersecurity.

Patch Management

Patch management plays a critical role in endpoint cybersecurity. Patches are released to fix vulnerabilities or security gaps in Windows operating systems and other application software. If patches are not applied in a timely manner, networks can be severely compromised.

While most businesses are aware of the importance of patching, many don’t because there are too many patches, patching often interrupts operations, and patches can cause problems with other systems.

The new Avast Business Antivirus products, enhanced with Patch Management, solve these issues by making it easy to identify and deploy critical patches and monitor ongoing activity from a central dashboard.

How does patching work?


Scan all devices for missing patches

Select the frequency of the patch scan, either daily, weekly, or monthly and scheduled at the precise time when you would like the scan to take place.


Deploy patches

All vendors, software applications, and severities will be patched automatically, but you can also easily exclude any application that you don’t want patched.


Review patch status

From the console, easily see missing patches, patch name and severity level, along with release notes, release date, and more.

Patch Management

Enhance application security and prevent vulnerabilities with comprehensive patch management.

Prevent Vulnerabilities

Keep Windows Operating Systems and other third-party software applications up to date automatically to prevent possible vulnerabilities or security gaps.

Ensure Compliance

Identify outdated software, installed and failed to install security patches for company and regulatory compliance.

Centralize Management

Scan all devices, set schedules, and receive reports from a single console for quick and easy patch management.

Are your endpoints safe?

We recently conducted a security assessment of 500,000 endpoints and only 29% passed all of the patch tests. And of the 500,000 devices analyzed, only 304 were 100% patched.

Patch Management Features

Flexible deployment schedules

Apply approved patches when it is convenient for your business.

Local patch agent

All available patches are downloaded to a local device that acts as a master agent to distribute patches to managed devices in the network.

Intuitive Dashboard

Manage all required software patches and view graphical summaries of installed patches, missing patches, and failed patches on any device under management.

Patch scan results

View patch scan results from the management console to learn more about missing patches including the specific update (KB), bulletin links, release date, description, and more.

Customizable patches

Select software vendor(s), product(s) and severity of patches to scan and install. Add vendor, product, and severity exclusions to your deployment policy.

Multiple reports

A variety of configurable reports are available to assist with determining the health and security of your devices’ software.

Thousands of compatible applications

Our patch selection includes Windows operating systems and thousands of other third-party software applications such as:

Thousands of compatible applications See the whole list of applications

Get Patch Management in the Management Console

Patch Management and any of the Avast Business Antivirus products are deployed through the Management Console, making it seamless to manage the endpoint security of all your devices from a single platform. Patch Management can only be managed from the console.

Learn more about the Management Console

If you already use the Avast Business Management Console, please log in and purchase Patch Management from there.

Patch Management - Management Console

You can easily check status of your patches in Management Console:

20% OFF

Avast Business Patch Management

Automatically fixes and updates Windows Operating System and thousands third-party software applications.

For Windows operating systems only.

$29.99 $37.49

Buy now Free 30-day trial

If you already use the Avast Business Management Console, please log in and purchase Patch Management from there.

30-day money back guarantee

Frequently Asked Questions

System Requirements

Should I turn off Windows Update before using Patch Management?

Yes, it is highly recommended that you change Windows Update settings for your devices via the Windows Update Center and/or Group Policy so Patch Management can provide updates.

The Windows Update service must not be disabled; rather, it should be set to either Manual or Automatic to successfully deploy patches. In addition, the Windows Update setting on each target machine (Control Panel > System and Security > Windows Update > Change settings) should be set to Never check for updates.

Are there any hardware/software changes I should complete before using Patch Management?

Deployment of patches will run under the remote machine's Local System account so make sure this is allowed.

What will happen to Software Updater?

We have phased out Software Updater from Avast Business antivirus products as it conflicts with the Patch Management service.

How do I set up a patch schedule for groups and/or devices?

You can set your patch schedule in Device Settings > Policy > Patch Management > Step 2. All devices or groups under the Patch Management policy will follow the schedule you set.

What is the difference between the Patches page and the Devices page?

The Patches page provides an overview of all missing patches for all devices connected to your console. The Devices page provides a list of your devices and the Device Patch Results tab identifies missing patches for that particular device.

How do I see the patch status for all my managed devices?

We will have 6 reports in total that will provide detailed information on the severity of missing or installed patches with vendors, and on software applications.

Where can I see how many devices are licensed for patch?

You will be able to see how many devices are licensed for patch under the ‘Licenses’ section in the console.

Why are my Mac OS X devices not being patched?

We are planning to support Patch Management for Mac OS X devices in the second half of 2019.

Why are some devices not patched even after the patches have been deployed?

Could be due to the following reasons:

  1. The patch is currently being installed on those devices and will sync back with the console after the patch has been successfully installed.
  2. The patch could have failed to install and will be scheduled for a reinstall based on your patch deployment schedule.
  3. The device is offline.

Where can I modify the patch schedule and add exclusions?

You can modify the patch deployment schedule and exclude vendors and applications by going to Device Settings > Select Policy > Patch Management tab.

Can I patch all my devices in a single action?

Yes, you can manually deploy patches to individual devices and groups of devices in one action.

What statuses do patches have?

Patches will be in one of the following states.

  • Scheduled: Grey Icon - Patch approved and scheduled to be deployed to device/s
  • Deployed: Green Icon - Patch successfully deployed to device/s
  • Failed to deploy: Red Icon - Failed to deploy patch/es to device/s
  • Missing: Yellow Icon - Patch is missing from device/s
  • Waiting to scan: Grey Icon - Waiting to run patch scan on device
  • Failed to scan: Red Icon - Failed to run patch scan on device

How long does it take to patch a device?

It could take from a few seconds to hours. The time depends on the size of the patch that is being downloaded to the device, the software application it is updating, and the hardware of the device.

Will my device that is set as the Master Agent download patches and deploy to my devices?

Yes, the device you have selected as the Master Agent will be used to store the software application patches and will distribute them to devices on the network so as to save bandwidth. If you do not have a Master Agent selected, devices will download the software application patch directly from the internet (not recommended).

  • Windows operating system:
  • Avast Business products are supported by Avast Software s.r.o. on the following editions: Windows 7 (Service Pack 1), Windows 8, Windows 8.1, Windows 10 – Windows 10 Pro, Windows 10 Education, and Windows 10 Enterprise. Avast Business Products are supported on the following servicing branches of Windows 10 – Current Branch (CB), Current Branch for Business (CBB), Long-Term Servicing Branch (LTSB) and will be supported for the lifetime of the app.
  • Servers:
  • Windows Server 2016 (64-bit version)
  • Windows Server 2012 (64-bit version)
  • Windows Server 2008 R2 (64-bit version with the latest Service Pack, excl. Server Core Edition)
  • Microsoft Exchange Server 2016 (64-bit version)
  • Microsoft Exchange Server 2013 (64-bit version)
  • Microsoft Exchange Server 2010 Service Pack 2 (64-bit version)
  • Hardware:
  • Intel Pentium 4 / AMD Athlon 64 CPU supporting SSE2 instructions, 256 MB+ RAM and 2 GB of hard disk space.