Remote Monitoring & Management Help

View Patch Information including Reports

Once Patch Management is enabled for the selection, the Advanced Monitoring Agent downloads the Patch Management installation package (through the Site Concentrator if available) and silently deploys the software.

It may take up to two 24x7 monitoring cycles for the feature to activate and once active on the device, it will automatically run a Patch Status Scan and report back any discovered missing patches to the Dashboard.

Depending on the installed Windows Monitoring Agent version, the Patch Status Scan automatically runs once per day at the same time as the Daily Safety Checks, based on an Installation Schedule where Agent 10.2.0 or later is installed or after a remediation action.

Additionally, the scan may also be triggered as required directly from the Dashboard via Re-run Patch Scan.

Checks Tab - Patch Status Check

The scan results are displayed against the Patch Status Check, accessible from the device's Checks tab on the Dashboard.

The Check's More Information link contains a summary of the results the last time the Check ran, click the link for detailed information in including the Last Scan run time along with the vulnerabilities and missing patches that were identified.

pm_vulnerability_check

Patches Tab

Information on the installed and available patches is retrieved by Patch Management, uploaded to the Dashboard and displayed in the device's Patches tab.  

All patches display their current installation state along with their Severity, Patch Name, Product, Date Installed (if installed by Patch Management), and whether they are Installable or Uninstallable

Patch Installation States

patch_missing_icon

Missing

A patch available for the device and awaiting approval for installation

patch_pending_icon

Pending

Patch was approved and awaiting manual or scheduled installation

patch_installing_icon

Installing

Patch currently installing

patch_installed_icon

Installed

Patch successfully installed. The Date Installed is populated where the patch was deployed via Patch Management

patch_failed_icon

Failed

Patch installation unsuccessful On a small number of occasions an unreported reboot may be required to complete an installation.

patch_ignored_icon

Ignored

Patch available for the device, but marked as Ignored. Ignored patches are not listed as missing in future Patch Checks on this server or workstation.

patch_reboot_icon

Reboot Required

Patch installed but requires a reboot to complete the installation process

Installable and Uninstallable

The majority of patches detected by Patch Management are programmatically deployable, however there are some families of patches that are not installable via automated means. The Installable column is used to indicate whether a patch can be installed by Patch Management (Installable = Yes) or whether manual intervention is required to install the patch (Installable = No).

Some Microsoft patches support a rollback option with this indicated under the Uninstallable. This uninstall option is supported from Windows Monitoring Agent 10.2.0.

pm_patches_tab

Patch Information

Double-click on a patch in the south panel to view detailed information (where available):

Section

Information

General

Patch Name | Status | Vendor | Product | More Information (link to vendor site)

Details

Type | Severity | Bulletin ID | Release Date | Major Version | Installable | Uninstallable

Last Installation Failure (where available)

Occurrence | Status | Reason

Across this Client

Devices where this patch is missing | Devices where this patch is installed | Devices where this patch is ignored

The Last Installation Failure details and Uninstall option (where the Patch is Uninstallable) are only available for devices running Advanced Monitoring Agent 10.2.0 or later.

In addition to displaying details on the patch, this dialog also includes action options to specify how the patch is handled on the device. Choose from:Inherit | Approve | Ignore | Do Nothing.

Information on these actions is available in the Patches tab - Manage Patches on individual Devices

pm_patch_more_info2

Dashboard north pane: Patches Pending Column

To display targeted and relevant information, you can choose the columns displayed in the Dashboard north pane. To highlight those devices where a patch is currently in the pending state, you can include the Patches Pending column.

  1. Click on the Columns drop-down above the Dashboard's north pane
  2. Tick to include or untick to remove thePatches Pending column

show_columns

Dashboard Reports

Patch Management Overview Report

The Patch Management Overview Report is available as HTML, CSV or XML and lists the name and installation status of all discovered patches across the selected Client(s) devices.

Patch Failure Report

The Patch Failure Report tracks all patch failures, even those where the installation was eventually successful, to help identify typically problematic patches.

Client Facing Reports

Client Daily and Weekly Reports

The Patch Status Check results are included in the Client Daily Report and Client Weekly Report alongside the other Daily Safety Checks.

Use Report Mode to ensure the Patch Status Check always passes, even when missing patches or vulnerabilities are identified.

Client Monthly Report

The option to include a list of missing and installed patches for the last calendar month along with their install date (if deployed by Patch Management) is available for the Client Monthly Report and is configurable for all or specific clients (override content)

Including this information demonstrates just how hard your team is working on the Client's’ behalf to keep their systems up-to-date and disruption to a minimum.

In the Client Monthly Report Missing patches cannot be included without also including Installed patches.