Prerequisites and System Requirements
SolarWinds (from Agent 10.8.0 RC)
- Microsoft Windows 7 SP1
- Microsoft Windows 8
- Microsoft Windows 8.1
- Microsoft Windows 10
- Microsoft Windows Server 2008 R2 SP1
- Microsoft Windows Server 2012
- Microsoft Windows Server 2012 R2
- Microsoft Windows Server 2016
Ensure the operating system is on the latest service pack available. This is critical for Windows 7 and Windows Server 2008 R2
The following Operating Systems are not supported from Agent 10.8.0 RC:
- Microsoft Windows XP
- Microsoft Windows Vista
- Microsoft Windows Server 2003
- Microsoft Windows Server 2008
- Microsoft Windows 10 Home
LanGuard (Agent 8.5 to 10.7.13) from...
- Microsoft Small Business Server 2003 SP1
- Microsoft Windows XP Professional SP2
- Microsoft Windows 2000 SP 4, Internet Explorer 6 SP1+, Windows Installer 3.1+
Patch Management is not supported on Core (including Hyper-V) systems.
For supported Windows versions and the associated Monitoring Agent (where applicable), please refer to Supported Operating Systems: Windows
Agent updates and Patch Management configuration and usage is available to Dashboard users with enhanced permissions (for example Superuser) or a login with Agents and Patch Management privileges enabled.
Any substantive changes made via the Dashboard, for example changes to Patch Management's configuration, are included in the Report menu's User Audit Report.
Patch Download Location
During the installation process patches are downloaded to a temporary repository folder then copied to C:\Windows\Patches where they are executed from. At the end of the remediation process, the patch files are deleted from both locations.
Windows Update Agent
Patch Management uses the Windows Update Agent (wuauserv service) when scanning for Microsoft patches. The service displays as Automatic Updates (pre-Vista) or Windows Update (post-Vista).
The wuauserv service is enabled by default and should start automatically on all Operating Systems, however if the service is disabled or not installed then the Windows Update Agent is not invokable and Patch Management will fail to detect any Microsoft patches.
The minimum version of the Windows Update Agent (WUA) required for the SolarWinds Patch Management engine must be greater than 7.6.7600.320. The base NT build version of windows should be 6.1 or later. Older versions of the base NT build cannot upgrade past version 7.6.7600.256 of the Windows Update Agent.
To determine the version of Windows Update Agent use the following procedure:
- In the File Explorer, navigate to C:\Windows\System32\ and locate the file wuaueng.dll
- Right-click the file and click Properties
- Click the Details tab, to find the Product Version
LanGuard Patch Management only supports Microsoft patches when delivered through their automated offline update delivery mechanisms WSUS or MBSA.
Patch Management and Windows Update from Monitoring Agent 10.8.0 RC
The Patch Management SolarWinds engine included from Windows Monitoring Agent 10.8.0 RC takes administrative control of Windows Update to download files and install the patches.
Proxies and Windows Updates
In Windows, you can configure the Agent to use a proxy to download Microsoft patches and third party patches. However, Windows Update does not inherit the proxy settings entered in the Agent and instead applies the proxy configuration from Windows. As a result Patch Management cannot use the Agent entered proxy settings to download Windows updates. The customer can configure their systems to enable Windows Update to use a proxy to retrieve a list of updates. Visit the Microsoft article How the Windows Update client determines which proxy server to use to connect to the Windows Update Web site for further information.
Recommended Antivirus Settings
Due to the intensive nature of the Patch Status Scan on the device, its performance may be affected by any antivirus or antispyware products, particularly when they are configured for real-time scanning. In order to alleviate the impact of these programs, we would suggest adding exceptions for the following Patch Management folders (and sub-folders) to allow read/write access.
From Windows Agent 10.8.0 RC.
%Programfiles(x86)%\Advanced Monitoring Agent\CacheService
%Programfiles(x86)%\Advanced Monitoring Agent\patchman
%Programfiles(x86)%\Advanced Monitoring Agent\RpcServer
%Programfiles(x86)%\Advanced Monitoring Agent\CacheService\SolarWinds.MSP.CacheService.exe
%Programfiles(x86)%\Advanced Monitoring Agent\patchman\Diagnostics\SolarwindsDiagnostics.exe
%Programfiles(x86)%\Advanced Monitoring Agent\patchman\Installers\CacheServiceSetup.exe
%Programfiles(x86)%\Advanced Monitoring Agent\patchman\Installers\RPCServerServiceSetup.exe
%Programfiles(x86)%\Advanced Monitoring Agent\patchman\ThirdPartyPatch\7z.exe
%Programfiles(x86)%\Advanced Monitoring Agent\patchman\ThirdPartyPatch\ThirdPartyPatch.exe
%Programfiles(x86)%\Advanced Monitoring Agent\RpcServer\SolarWinds.MSP.RpcServerService.exe
Program Path (all Operating Systems)
%Programfiles(x86)%\Advanced Monitoring Agent\patchman
Data Folder (all Operating Systems)
Data Folder (Post-Vista)
Data Folder (Pre-Vista)
...\Documents and settings\all users\application data\GFI
The Group Policy Advanced Monitoring Agent installs to ...\Program Files (x86)\Advanced Monitoring Agent GP\...
Patch Management URLs
Patch Management requires specific files to successfully scan the device and problems may occur where these files are unavailable. To ensure these files are successfully downloaded, we would suggest allowing the following URLs in any firewall (including Deep Packet Inspection modules) or web monitoring software on the computer over both HTTP (port 80) and HTTPS (port 443).
To ensure the successful operation of the SolarWinds Engine. HTTP and HTTPS communication between the SolarWinds.MSP.CacheService Windows service (%Programfiles(x86)%\Advanced Monitoring Agent\CacheService\SolarWinds.MSP.CacheService.exe) and sis.n-able.com must not be blocked.
By default, new Dashboards have Patch Management enabled by default and configured for manual patch approval and installation.
Please be aware that we are not responsible for any harmful effects that actions performed by Patch Management may have on the target system.