Patch Management is an integral layer of security to keep your customers’ applications safe
Stay ahead of the latest threats
Centralize and simplify management
What exactly is
Patches are released to fix vulnerabilities or security gaps in Windows operating systems and other application software. If patches are not applied in a timely manner, networks can be severely compromised.
While most businesses are aware of the importance of patching, many don’t do it because there are too many patches, patching often interrupts operations, and and it can conflict with certain systems.
Patch Management solves these issues by making it easy to identify and deploy critical patches, and monitor ongoing activity from a central cloud management dashboard.
How does patching work?
Scan all devices for missing patches
Review patch status
Flexible deployment schedules
Master agent capabilities
Patch scan results
Thousands of patches
Roll back and ignore
Easily check the status of your patches
Get Patch in the CloudCare platform
Patch Management and any of the Avast Business antivirus products are deployed through the CloudCare layered security platform. Easily manage and monitor your clients’ endpoint and network security from a single, cloud-based platform for seamless protection across all devices.
Everything you need to know to use your Patch Management like a pro
Should I turn off Windows Update before using Patch Management?
Yes, it is highly recommended that you change Windows Update settings for your devices via the Windows Update Center and/or Group Policy so Patch Management can provide updates.
- The Windows Update service must not be disabled; rather, it should be set to either Manual or Automatic to successfully deploy patches. In addition, the Windows Update setting on each target machine (Control Panel > System and Security > Windows Update > Change settings) should be set to Never check for updates.
Are there any hardware/software changes I should complete before using Patch Management?
Deployment of patches will run under the remote machine's Local System account so make sure this is allowed.
How do I set up a patch schedule for groups and/or devices?
You can set up your patch schedule in Policies > Patch Management > Patch Deployment. All devices under the Patch Management policy will follow the schedule you set.
How do I see the patch status for all my managed devices?
Patches page provides detailed information on the severity of missing, approved, failed, ignored, and installed patches with vendors, and software applications.
Where can I see how many devices are licensed for patch?
You will be able to see how many devices are licensed for patch under the ‘Devices’ section in a customer account.
Why are some devices not patched even after the patches have been deployed?
1. The patch is currently being installed on those devices and will sync back with the console after the patch has been successfully installed.
2. The patch could have failed to install and will be scheduled for a reinstall based on your patch deployment schedule.
3. The device is offline.
Where can I modify the patch schedule and add exclusions?
You can modify the patch auto-approval rules for vendors, applications, and severity by going to Policies > Patch Management > Auto-Approval rules tab.
Can I patch all my devices in one step?
Yes, you can manually deploy patches to individual devices and groups of devices in one step by selecting patches under Patches, then Approve for Deployment.
What statuses do patches have?
Missing: Patch is missing from device(s)
Approved: Patch is approved to be deployed to device(s)
Deployed: Patch successfully deployed to device(s)
Failed: Failed to deploy patch/es to device(s)
Ignored: Patch has been ignored and will not be deployed
How long does it take to patch a device?
It could take anywhere from a few seconds to several hours. The time depends on the size of the patch that is being downloaded to the device, the software application it is updating, and the hardware of the device.
Will my device that is set as the Update Agent download patches and deploy to my devices?
Yes, the device you have selected as the Update Agent will be used to store the software application patches and will distribute them to devices on the network to save bandwidth. If you do not have an Update Agent selected, devices will download the software application patch directly from the internet (not recommended).