View and Manage Patches for Windows and 3rd Party Applications
Click 'Devices' > 'Device List' > click on a Windows device > Click ‘Patch Management
- Windows and 3rd party applications have to be kept up-to-date to protect them from vulnerabilities.
- The details page of each device has a patch management tab which lets you view and install available patches. You can install multiple patches on a device simultaneously.
- This section tells you how to patch individual devices via the 'Device Details' screen.
- Alternatively, there is a full patch management interface at 'Applications' > 'Patch Management'. Go here if you want to manage patches on multiple devices. See 'Patch Management' for help with this.
Note: Hidden OS patches are not visible in a device's patch management screen. You can hide/unhide them in the full patch management interface at 'Applications' > 'Patch Management' > 'Operating System' tab.
Process in brief
- Click 'Devices' > 'Device List'
- Click the name of a Windows device to open its details page
- Select the 'Patch Management' tab
- Choose the patches you want to install from the 'Operating System' and 'Third Party' tabs
- Click 'Install Patches'. Each tab has a separate install button.
- Operating System - Shows all installed and pending OS patches for the device. Additional details are available for each patch, including classification, severity, release date, installation status and knowledgebase articles.
- Third Party Applications – Shows applications on the device for which updates are available. The version numbers of the currently installed version and the latest available version are shown. The 'severity' column tells you the importance of the update.
View Windows patches available for a device
- Click 'Devices' > 'Device List'
- Click the 'Device Management' tab above the control buttons
- Click the name of a Windows device to open its details page
- Select the 'Patch Management' tab
- Click the 'Operating System' tab
Note:
|
Column Heading |
Description |
---|---|
Title |
The descriptive name of the patch.
|
KB |
The Microsoft knowledgebase article for the patch.
|
CVE |
The common vulnerabilities and exposures (CVE) entry number. Click the number to view details such as summary, vulnerability type, published date, vendor, affected devices and more. |
Bulletin |
The Microsoft bulletin number that contains details about the patch.
|
Classification |
The category of the patch. The possible values
are:
|
Severity |
The criticality of the patch. The severity levels are:
|
Reboot |
Whether or not the endpoint requires a restart to complete the patch installation. |
Release Date |
The date on which the patch was released by Microsoft |
Status |
Whether the patch has been installed on the device or not. The possible values are:
|
Controls |
|
Install Patch(es) |
Deploy selected patches to the device. See Install missing patches on the device for more details. |
Uninstall Patch(es) |
Remove previously installed patches or updates from the device. See Uninstall patches from a device for more details. |
Check Available Updates |
Refresh patch inventory with the latest updates available for the device. |
- Click any column header to sort the items in ascending/descending order of entries in that column
- Click the funnel icon on the right to filter patches by various criteria, including by severity, by whether a patch is available, or by patch installation status
Install missing patches on the device
Note – Make sure the missing patches are approved in ‘Applications’ > ‘Patch Management’ > ‘Operating System’
- Click 'Devices' > 'Device List'
- Click the 'Device Management' tab above the control buttons
- Click the name of a Windows device to open its details page
- Select the 'Patch Management' tab
- Click the 'Operating System' tab
- Identify patches with 'Available' status
- Click the funnel icon on the right
- Select 'Available' from the 'Status' drop-down
- Click 'Apply'
- Select the patches you want to install
- Click 'Install Patch(es)':
- Maintenance window status – Details of any maintenance windows in the device’s profile.
- Total number of devices outside of maintenance window – The number of devices that are not part of a maintenance window. The patches can run on these devices.
- Number of devices blocked by maintenance windows settings - The number of devices on which you cannot run the patches because the admin has blocked patch installation outside of the maintenance window.
- Number of devices warned by maintenance window settings - The number of devices that are part of a maintenance window and have warnings enabled. You can still run the patches on these devices.
- Skip devices warned by maintenance windows settings – A maintenance window is a time-slot reserved for running important tasks on target devices. Admins can enable a warning if somebody attempts to run a patch installation outside of the window. This setting will skip those devices which have been added to a maintenance window with warnings enabled.
- Click 'OK'.
A command will be sent to install the selected patches.
Uninstall patches and Windows updates from the device
- Click 'Devices' > 'Device List'
- Click the 'Device Management' tab above the control buttons
- Click the name of a Windows device to open its details page
- Select the 'Patch Management' tab
- Click the 'Operating System' tab
- Identify patches and updates with 'Installed' status
- Click the funnel icon on the right
- Select 'Installed' from the 'Status' drop-down
- Click 'Apply'
- Select the items you want to uninstall
- Click 'Uninstall Patch(es)':
- Click 'OK' in the confirmation dialog
View 3rd party application patches available for a device
- Click 'Devices' > 'Device List'
- Click the 'Device Management' tab above the control buttons
- Click the name of a Windows device to open its details page
- Click the 'Patch Management' tab then 'Third Party Applications':
Third Party Applications - Column Descriptions |
|
---|---|
Column Heading |
Description |
Software Name |
The label of the third party application.
|
Vendor |
The software publisher. |
Software Category |
The type of the application. Possible values include:
|
Installed Version |
The version number of the application currently installed on the endpoint. |
Installed Date |
The date on which the application was installed on the endpoint. |
Latest Version Available |
The version number of the latest version of the application that is available from the publisher. |
Severity |
Indicates the level of severity of the update as determined by Microsoft. The severity levels are:
|
Release Date |
The date at which the latest version of the application was released. |
Controls |
|
---|---|
Install Patch(es) |
Remotely install selected patches on the device. See Install 3rd party application patches on a device for more details. |
See 'EM Supported 3rd Party Applications' to view the full list of applications that can be updated.
Install 3rd party application patches on a device
- Click 'Devices' > 'Device List'
- Click the 'Device Management' tab above the control buttons
- Click the name of a Windows device to open its details page
- Select the 'Patch Management' tab then open 'Third Party Applications'
- Choose the patches you want to install
- Click the 'Install Patch(es)' button
- Select 'Update to the latest version' or 'Update to specific version' as required
- Click 'Send'
- Click OK in the confirmation dialog:
- A command will be sent to the endpoint to install the patch:
- Once the command is received, the communication client (CC) on the endpoint will check whether the update is available on any other devices in the network.
- If available, CC downloads the patch from the other device over a peer-to-peer connection. This reduces bandwidth consumption and speeds up the deployment process.
- If the update is not available on the local network, CC downloads the update from the EM patch portal.