Prerequisites and System Requirements

System Requirements

SolarWinds (from Agent 10.8.0 RC)

  • Microsoft Windows 7 SP1
  • Microsoft Windows 8
  • Microsoft Windows 8.1
  • Microsoft Windows 10
  • Microsoft Windows Server 2008 R2 SP1
  • Microsoft Windows Server 2012
  • Microsoft Windows Server 2012 R2
  • Microsoft Windows Server 2016

Ensure the operating system is on the latest service pack available. This is critical for Windows 7 and Windows Server 2008 R2

The following Operating Systems are not supported from Agent 10.8.0 RC:

  • Microsoft Windows XP
  • Microsoft Windows Vista
  • Microsoft Windows Server 2003
  • Microsoft Windows Server 2008
  • Microsoft Windows 10 Home

LanGuard (Agent 8.5 to 10.7.13) from...

  • Microsoft Small Business Server 2003 SP1
  • Microsoft Windows XP Professional SP2
  • Microsoft Windows 2000 SP 4, Internet Explorer 6 SP1+, Windows Installer 3.1+

Patch Management is not supported on Core (including Hyper-V) systems.

For supported Windows versions and the associated Monitoring Agent (where applicable), please refer to Supported Operating Systems: Windows

Dashboard Permissions

Agent updates and Patch Management configuration and usage is available to Dashboard users with enhanced permissions (for example Superuser) or a login with Agents and Patch Management privileges enabled.

Any substantive changes made via the Dashboard, for example changes to Patch Management's configuration, are included in the Report menu's User Audit Report.

Patch Download Location

During the installation process patches are downloaded to a temporary repository folder then copied to C:\Windows\Patches where they are executed from. At the end of the remediation process, the patch files are deleted from both locations.

Windows Update Agent

Patch Management uses the Windows Update Agent (wuauserv service) when scanning for Microsoft patches. The service displays as Automatic Updates (pre-Vista) or Windows Update (post-Vista).

The wuauserv service is enabled by default and should start automatically on all Operating Systems, however if the service is disabled or not installed then the Windows Update Agent is not invokable and Patch Management will fail to detect any Microsoft patches.

The minimum version of the Windows Update Agent (WUA) required for the SolarWinds Patch Management engine must be greater than 7.6.7600.320. The base NT build version of windows should be 6.1 or later. Older versions of the base NT build cannot upgrade past version 7.6.7600.256 of the Windows Update Agent.

To determine the version of Windows Update Agent use the following procedure:

  1. In the File Explorer, navigate to C:\Windows\System32\ and locate the file wuaueng.dll
  2. Right-click the file and click Properties
  3. Click the Details tab, to find the Product Version

LanGuard Patch Management only supports Microsoft patches when delivered through their automated offline update delivery mechanisms WSUS or MBSA.

Patch Management and Windows Update from Monitoring Agent 10.8.0 RC

The Patch Management SolarWinds engine included from Windows Monitoring Agent 10.8.0 RC takes administrative control of Windows Update to download files and install the patches.

Proxies and Windows Updates

In Windows, you can configure the Agent to use a proxy to download Microsoft patches and third party patches. However, Windows Update does not inherit the proxy settings entered in the Agent and instead applies the proxy configuration from Windows. As a result Patch Management cannot use the Agent entered proxy settings to download Windows updates. The customer can configure their systems to enable Windows Update to use a proxy to retrieve a list of updates. Visit the Microsoft article How the Windows Update client determines which proxy server to use to connect to the Windows Update Web site for further information.

Recommended Antivirus Settings

Due to the intensive nature of the Patch Status Scan on the device, its performance may be affected by any antivirus or antispyware products, particularly when they are configured for real-time scanning. In order to alleviate the impact of these programs, we would suggest adding exceptions for the following Patch Management folders (and sub-folders) to allow read/write access.

SolarWinds Engine

From Windows Agent 10.8.0 RC.

Program Path

%Programfiles(x86)%\Advanced Monitoring Agent\CacheService

%Programfiles(x86)%\Advanced Monitoring Agent\patchman

%Programfiles(x86)%\Advanced Monitoring Agent\RpcServer

Data Folder

%ProgramData%\SolarWinds MSP

File Path

%Programfiles(x86)%\Advanced Monitoring Agent\CacheService\SolarWinds.MSP.CacheService.exe

%Programfiles(x86)%\Advanced Monitoring Agent\patchman\Diagnostics\SolarwindsDiagnostics.exe

%Programfiles(x86)%\Advanced Monitoring Agent\patchman\Installers\CacheServiceSetup.exe

%Programfiles(x86)%\Advanced Monitoring Agent\patchman\Installers\RPCServerServiceSetup.exe

%Programfiles(x86)%\Advanced Monitoring Agent\patchman\ThirdPartyPatch\7z.exe

%Programfiles(x86)%\Advanced Monitoring Agent\patchman\ThirdPartyPatch\ThirdPartyPatch.exe

%Programfiles(x86)%\Advanced Monitoring Agent\RpcServer\SolarWinds.MSP.RpcServerService.exe

LanGuard Engine

Program Path (all Operating Systems)

%Programfiles(x86)%\Advanced Monitoring Agent\patchman

Data Folder (all Operating Systems)

%Programfiles(x86)%\Common Files\GFI

Data Folder (Post-Vista)

%ProgramData%\GFI

Data Folder (Pre-Vista)

...\Documents and settings\all users\application data\GFI

The Group Policy Advanced Monitoring Agent installs to ...\Program Files (x86)\Advanced Monitoring Agent GP\...

Patch Management URLs

Patch Management requires specific files to successfully scan the device and problems may occur where these files are unavailable. To ensure these files are successfully downloaded, we would suggest allowing the following URLs in any firewall (including Deep Packet Inspection modules) or web monitoring software on the computer over both HTTP (port 80) and HTTPS (port 443).

SolarWinds Engine

sis.n-able.com*

go.microsoft.com/*

*.download.microsoft.com

*.windowsupdate.com

*.update.microsoft.com

To ensure the successful operation of the SolarWinds Engine. HTTP and HTTPS communication between the SolarWinds.MSP.CacheService Windows service (%Programfiles(x86)%\Advanced Monitoring Agent\CacheService\SolarWinds.MSP.CacheService.exe) and sis.n-able.com must not be blocked.

LanGuard Engine

http://software.gfi.com

http://software.gfi.com/lnsupdate/index.txt

http://software.gfi.com/lnsupdate/lnss11updateinfo.xml

http://software.gfi.com/lnsupdate/lanss_11_patchmngmt.7z

http://software.gfi.com/lnsupdate/lanss_11_mnspdata.7z

http://software.gfi.com/lnsupdate/lanss_11_patchmngmtprerequisites.7z

http://go.microsoft.com/fwlink/?LinkID=74689

software.gfi.com/*

go.microsoft.com/*

*.download.microsoft.com

*.windowsupdate.com

*.update.microsoft.com

By default, new Dashboards have Patch Management enabled by default and configured for manual patch approval and installation.

Disclaimer
Please be aware that we are not responsible for any harmful effects that actions performed by Patch Management may have on the target system.