Remote Monitoring & Management Help

Patches tab - Manage Patches on individual Devices

Patch Management retrieves the device's installed and available patches then uploads this information to the Dashboard where it is displayed in the device's Patches tab.

All patches display their current installation state along with their Severity, Patch Name, Product, Date Installed (if installed by Patch Management), and whether they are Installable or Uninstallable

Patch Installation States

patch_missing_icon

Missing

A patch available for the device and awaiting approval for installation

patch_pending_icon

Pending

Patch was approved and awaiting manual or scheduled installation

patch_installing_icon

Installing

Patch currently installing

patch_installed_icon

Installed

Patch successfully installed. The Date Installed is populated where the patch was deployed via Patch Management

patch_failed_icon

Failed

Patch installation unsuccessful On a small number of occasions an unreported reboot may be required to complete an installation.

patch_ignored_icon

Ignored

Patch available for the device, but marked as Ignored. Ignored patches are not listed as missing in future Patch Checks on this server or workstation.

patch_reboot_icon

Reboot Required

Patch installed but requires a reboot to complete the installation process

Installable and Uninstallable

The majority of patches detected by Patch Management are programmatically deployable, however there are some families of patches that are not installable via automated means. The Installable column is used to indicate whether a patch can be installed by Patch Management (Installable = Yes) or whether manual intervention is required to install the patch (Installable = No).

Some Microsoft patches support a rollback option with this indicated under the Uninstallable. This uninstall option is supported from Windows Monitoring Agent 10.2.0.

pm_patches_tab

Patch Information

Double-click on a patch in the south panel to view detailed information (where available):

Section

Information

General

Patch Name | Status | Vendor | Product | More Information (link to vendor site)

Details

Type | Severity | Bulletin ID | Release Date | Major Version | Installable | Uninstallable

Last Installation Failure (where available)

Occurrence | Status | Reason

Across this Client

Devices where this patch is missing | Devices where this patch is installed | Devices where this patch is ignored

The Last Installation Failure details and Uninstall option (where the Patch is Uninstallable) are only available for devices running Advanced Monitoring Agent 10.2.0 or later.

In addition to displaying details on the patch, this dialog also includes action options to specify how the patch is handled on the device. Choose from:Inherit | Approve | Ignore | Do Nothing.

pm_patch_more_info2

Patch Action at the Device Level

Device level actions are configurable for a specific device via its Patches tab. Once approved the selected patches are installed based on the Installation Schedule or via the manual deployment option.

  1. Go to the Patches tab
  2. Use multi-select to choose the target patches (Shift and left-click for a range or Control and left-click for specific patches)
  3. Right click on one of the selection from the Patch drop-down)
  4. Select the required option. For example Approve or Inherit (where Approve is the parent setting in the global Patch Approval dialog)

 

Patch Options

Notes

Inherit

Applies the setting for the patch configured for the Client, Site or overall device type in the global Patch Approvaldialog

Approve

Authorizes the patch for installation

Ignore

Applied to patches that explicitly are not to be installed on the device. When a patch is ignored, it is not identified on the Dashboard or Reports as missing

Reasons for ignoring a patch include those circumstances where its installation is known to cause issues, the patch is outside of the ClientÂ’s service contract or where installing the patch would have licensing implications for the product.

Do Nothing

This option is designed to support the workflow where the missing patch is identified on the Dashboard, with the user manually approving the patch for installation.

Please be aware that Do Nothing is overridden whenever any Install Now action is performed where the policy automatically approves the patch, as described in Step 3.

An example of using Do Nothing may occur when a Critical Operating System update is available. Due to the potential implication of installing the patch it may be practical to delay deploying the patch until it is fully tested. Once identified as stable the patch may then be rolled out.

Reprocess Failed

Where problems were experienced installing a patch it is marked as Failed in the south panel. Selecting a Failed patch brings up the additional option to Reprocess Failed, which will attempt to install the patch again during the next installation cycle (either scheduled or manual).

Uninstall

Available for roll-back supported Microsoft patches

Where the patch requires a reboot to complete its installation, this is indicated in the Device's Summary tab and Reboot required column in the north pane. If a reboot is not configured as part of the Installation Schedule, it may be initiated directly from the Dashboard using Reboot Now or Later

pm_patches_tab

Patch Approval and Installation

The Approve Patch dialog, available when selecting an Approve action in the Patches tab, allows you to determine when the patch is installed.

Opt to Use existing schedule (for information, the current schedule is displayed) or Schedule for a new time then configure the installation time and patch reboot behavior. Enter the password of the account you have logged into the Dashboard under to confirm this action.

The Schedule for a new time setting is only applied to the patch on this device and takes precedence over the existing installation schedule.

The scheduled time refers to the local time of the computer the Agent is installed on. Please take this into consideration where your Dashboard contains Clients, Sites or Devices in different timezones, to ensure Patches are not installed at an inappropriate time. One suggestion is to set a custom Installation Schedule at the Client, Site or Device level based on their timezone.

pm_approve_south